Abstract
A masquerade attack is one in which an attacker uses a stolen or forged identity to gain unauthorized access to a personal computer's information through legitimate access credentials. Automatic discovery of masqueraders is typically attempted by detecting significant departures from normal user behavior: if a user's observed behavior deviates from their normal profile, it could signal an ongoing masquerade attack. In this paper we propose a new framework that captures data comprehensively by collecting it in different layers across multiple applications. Our approach generates feature vectors containing the output of analysis across multiple layers, namely Window Data, Mouse Data, Keyboard Data, Command Line Data, File Access Data and Authentication Data. We evaluated our approach in several experiments with a significant number of participants. Our experimental results show better detection rates with acceptable false positives, a level of accuracy that none of the earlier approaches has achieved so far.
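The following Python block is an added illustration of the layered idea in the abstract and is not the paper's own code: it builds one feature vector from per-layer events (window, mouse, keyboard, command line, file access, authentication), learns a per-feature mean and spread from a legitimate user's baseline sessions, and flags a session when several features deviate at once. The event format, the specific features, the z-score comparison, the thresholds and all session data are assumptions constructed for the example; the paper's real features and classifier are not reproduced.

```python
from statistics import mean, pstdev

LAYERS = ("window", "mouse", "keyboard", "cmdline", "file", "auth")
SIGMA_FLOOR = 0.05        # assumption: keeps near-constant features from dividing by ~0
Z_THRESHOLD = 3.0         # assumption: a feature is "deviant" beyond 3 sigma
MIN_DEVIANT_FEATURES = 2  # assumption: flag only when several layers disagree at once


def make_session(windows, clicks, moves, keys, shortcuts, cmds, files, auth):
    """Expand counts/lists into a session: a list of (layer, event) tuples.
    Constructed data; a real collector would log timestamped events per layer."""
    session = [("window", w) for w in windows]
    session += [("mouse", "click")] * clicks + [("mouse", "move")] * moves
    session += [("keyboard", "key")] * keys + [("keyboard", "shortcut")] * shortcuts
    session += [("cmdline", c) for c in cmds]
    session += [("file", f) for f in files]
    session += [("auth", a) for a in auth]
    return session


def extract_features(session):
    """One feature vector with a few summary statistics from every layer."""
    by_layer = {layer: [] for layer in LAYERS}
    for layer, event in session:
        by_layer[layer].append(event)
    mouse, kbd = by_layer["mouse"], by_layer["keyboard"]
    return {
        "win_distinct_apps": len(set(by_layer["window"])),
        "win_focus_events": len(by_layer["window"]),
        "mouse_click_ratio": mouse.count("click") / max(len(mouse), 1),
        "kbd_shortcut_ratio": kbd.count("shortcut") / max(len(kbd), 1),
        "cmd_distinct": len(set(by_layer["cmdline"])),
        "file_distinct_dirs": len({p.rsplit("/", 1)[0] for p in by_layer["file"]}),
        "auth_failures": by_layer["auth"].count("fail"),
    }


def build_profile(sessions):
    """Per-feature (mean, sigma) learned from the legitimate user's baseline sessions."""
    vectors = [extract_features(s) for s in sessions]
    return {
        name: (mean(v[name] for v in vectors),
               max(pstdev(v[name] for v in vectors), SIGMA_FLOOR))
        for name in vectors[0]
    }


def score_session(profile, session):
    """Absolute z-score of every feature of one session against the profile."""
    feats = extract_features(session)
    return {name: abs(feats[name] - mu) / sigma for name, (mu, sigma) in profile.items()}


def is_masquerade(profile, session):
    """Return (flag, deviant_features); flag when enough features cross the threshold."""
    deviant = [n for n, z in score_session(profile, session).items() if z > Z_THRESHOLD]
    return len(deviant) >= MIN_DEVIANT_FEATURES, deviant


# Constructed baseline: a developer who mostly edits code, uses shortcuts, works in one tree.
BASELINE = [
    make_session(["editor", "browser", "editor"], 2, 8, 40, 10,
                 ["ls", "git", "make", "git"], ["/home/u/proj/a.c", "/home/u/proj/b.c"], ["success"]),
    make_session(["editor", "terminal", "editor", "browser"], 3, 7, 45, 15,
                 ["ls", "make", "git"], ["/home/u/proj/a.c"], ["success"]),
    make_session(["editor", "browser"], 1, 9, 36, 12,
                 ["git", "git", "make"], ["/home/u/proj/c.c", "/home/u/proj/a.c"], ["success"]),
    make_session(["editor", "browser", "editor"], 2, 8, 50, 10,
                 ["ls", "git", "make", "ls"], ["/home/u/proj/b.c"], ["success"]),
]
# Constructed new sessions: one from the same user, one from someone else at the keyboard.
LEGIT_NEW = make_session(["editor", "browser", "editor"], 2, 8, 42, 12,
                         ["git", "make", "ls"], ["/home/u/proj/a.c"], ["success"])
MASQUERADER = make_session(["browser", "files", "terminal", "browser", "files", "terminal", "settings"],
                           12, 8, 20, 0, ["find", "scp", "tar", "find", "cat", "ls"],
                           ["/home/u/.ssh/id_rsa", "/etc/passwd", "/home/u/proj/a.c"],
                           ["fail", "fail", "success"])

if __name__ == "__main__":
    profile = build_profile(BASELINE)
    for label, session in (("legitimate", LEGIT_NEW), ("masquerader", MASQUERADER)):
        flag, deviant = is_masquerade(profile, session)
        print(f"{label}: flagged={flag} deviant_features={deviant}")
```

Requiring deviation in several features at once is what the layered approach buys: a single odd layer (one unusual command, one mistyped password) is not enough to raise an alert, while a session that looks wrong in the window, mouse, keyboard, command, file and authentication layers together is flagged even though no single layer would be conclusive on its own.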
© 2012 IFIP International Federation for Information Processing
Saljooghinejad, H., Bhukya, W.N. (2012). Layered Security Architecture for Masquerade Attack Detection. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds) Data and Applications Security and Privacy XXVI. DBSec 2012. Lecture Notes in Computer Science, vol 7371. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31540-4_19
DOI: https://doi.org/10.1007/978-3-642-31540-4_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31539-8
Online ISBN: 978-3-642-31540-4