The masquerade attack, where an attacker takes on the identity of a legitimate user to maliciously utilize that user's privileges, poses a serious threat to the security of information systems. Such attacks completely undermine traditional security mechanisms due to the trust imparted to user accounts once they have been authenticated. Many attempts have been made at detecting these attacks, yet achieving high levels of accuracy remains an open challenge. In this paper, we discuss the use of a specially tuned sequence alignment algorithm, typically used in bioinformatics, to detect instances of masquerading in sequences of computer audit data. By using the alignment algorithm to align sequences of monitored audit data with sequences known to have been produced by the user, the alignment algorithm can discover areas of similarity and derive a metric that indicates the presence or absence of masquerade attacks. Additionally, we present several scoring systems, methods for accommodating variations in user behavior, and heuristics for decreasing the computational requirements of the algorithm. Our technique is evaluated against the standard masquerade detection dataset provided by Schonlau et al. [Schonlau, M., DuMouchel, W., Ju, W.H., Karr, A.F., Theus, M., Vardi, Y., 2001. Computer intrusion: Detecting masquerades. Statistical Science 16 (1), 58-74], and the results show that the use of the sequence alignment technique provides, to our knowledge, the best results of all masquerade detection techniques to date.