Masquerade Detection Using Truncated Command Lines
DSN '02 Proceedings of the 2002 International Conference on Dependable Systems and Networks
IEEE-IWIA '03 Proceedings of the First IEEE International Workshop on Information Assurance (IWIA'03)
Honeypots: Catching the Insider Threat
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Your botnet is my botnet: analysis of a botnet takeover
Proceedings of the 16th ACM conference on Computer and communications security
On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1 (extended abstract)
SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
CSET'11 Proceedings of the 4th conference on Cyber security experimentation and test
Forgive and forget: return to obscurity
Proceedings of the 2013 workshop on New security paradigms workshop
| Hi-index | 0.00 |
Masquerade attacks pose a grave security problem that is a consequence of identity theft. Detecting masqueraders is very hard. Prior work has focused on profiling legitimate user behavior and detecting deviations from that normal behavior that could potentially signal an ongoing masquerade attack. Such approaches suffer from high false positive rates. Other work investigated the use of trap-based mechanisms as a means for detecting insider attacks in general. In this paper, we investigate the use of such trap-based mechanisms for the detection of masquerade attacks. We evaluate the desirable properties of decoys deployed within a user's file space for detection.We investigate the trade-offs between these properties through two user studies, and propose recommendations for effective masquerade detection using decoy documents based on findings from our user studies.