Combining a Baiting and a User Search Profiling Techniques for Masquerade Detection

Malek Ben Salem; Salvatore Stolfo

Title:
Combining a Baiting and a User Search Profiling Techniques for Masquerade Detection
Author(s):
Ben Salem, Malek
Stolfo, Salvatore
Date:
Type:
Technical reports
Department:
Computer Science
Permanent URL:
Series:
Columbia University Computer Science Technical Reports
Part Number:
CUCS-018-11
Publisher:
Department of Computer Science, Columbia University
Publisher Location:
New York
Abstract:
Masquerade attacks are characterized by an adversary stealing a legitimate user's credentials and using them to impersonate the victim and perform malicious activities, such as stealing information. Prior work on masquerade attack detection has focused on profiling legitimate user behavior and detecting abnormal behavior indicative of a masquerade attack. Like any anomaly-detection-based technique, detecting masquerade attacks by profiling user behavior suffers from a significant number of false positives. We extend prior work and provide a novel integrated detection approach in this paper. We combine a user behavior profiling technique with a baiting technique in order to more accurately detect masquerade activity. We show that using this integrated approach reduces the false positives by 36% when compared to user behavior profiling alone, while achieving almost perfect detection results. We also show how this combined detection approach serves as a mechanism for hardening the masquerade attack detector against mimicry attacks.
Subject(s):
Computer science