Technical reports:
Decoy Document Deployment for Effective Masquerade Attack Detection
Malek Ben Salem; Salvatore Stolfo
Downloads:
- Title:
- Decoy Document Deployment for Effective Masquerade Attack Detection
- Author(s):
-
Ben Salem, Malek
Stolfo, Salvatore - Date:
- 2011
- Type:
- Technical reports
- Department:
- Computer Science
- Permanent URL:
- http://hdl.handle.net/10022/AC:P:10528
- Series:
- Columbia University Computer Science Technical Reports
- Part Number:
- CUCS-002-11
- Publisher:
- Department of Computer Science, Columbia University
- Publisher Location:
- New York
- Abstract:
- Masquerade attacks pose a grave security problem that is a consequence of identity theft. Detecting masqueraders is very hard. Prior work has focused on profiling legitimate user behavior and detecting deviations from that normal behavior that could potentially signal an ongoing masquerade attack. Such approaches suffer from high false positive rates. Other work investigated the use of trap-based mechanisms as a means for detecting insider attacks in general. In this paper, we investigate the use of such trap-based mechanisms for the detection of masquerade at tacks. We evaluate the desirable properties of decoys deployed within a user's file space for detection. We investigate the trade-offs between these properties through two user studies, and propose recommendations for effective masquerade detection using decoy documents based on findings from our user studies.
- Subject(s):
- Computer science
- Item views:
- 287