Masquerade attacks are a common security problem that is a consequence of identity theft. This paper extends prior work by modeling user search behavior to detect deviations indicating a masquerade attack. We hypothesize that each individual user knows their own file system well enough to search in a limited, targeted and unique fashion in order to find information germane to their current task. Masqueraders, on the other hand, will likely not know the file system and layout of another user's desktop, and would likely search more extensively and broadly, in a manner different from that of the victim user being impersonated. We identify actions linked to search and information access activities, and use them to build user models. The experimental results show that modeling search behavior reliably detects all masqueraders with a very low false positive rate of 1.1%, far better than prior published results. The limited set of features used for search behavior modeling also results in large performance gains over the same modeling techniques that use larger sets of features.