Temporal sequence learning and data reduction for anomaly detection
ACM Transactions on Information and System Security (TISSEC)
Detecting masquerades in intrusion detection based on unpopular commands
Information Processing Letters
Mimicry attacks on host-based intrusion detection systems
Proceedings of the 9th ACM conference on Computer and communications security
Hiding Intrusions: From the Abnormal to the Normal and Beyond
IH '02 Revised Papers from the 5th International Workshop on Information Hiding
Masquerade Detection Using Truncated Command Lines
DSN '02 Proceedings of the 2002 International Conference on Dependable Systems and Networks
RACOON: Rapidly Generating User Command Data For Anomaly Detection From Customizable Templates
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Using AUC and Accuracy in Evaluating Learning Algorithms
IEEE Transactions on Knowledge and Data Engineering
On understanding and classifying web queries
On understanding and classifying web queries
On the Contribution of Preamble to Information Hiding in Mimicry Attacks
AINAW '07 Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops - Volume 01
Sequence alignment for masquerade detection
Computational Statistics & Data Analysis
Identifying hierarchical structure in sequences: a linear-time algorithm
Journal of Artificial Intelligence Research
Undermining an anomaly-based intrusion detection system using common exploits
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Why did my detector do that?!: predicting keystroke-dynamics error rates
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Information-Theoretic Detection of Masquerade Mimicry Attacks
NSS '10 Proceedings of the 2010 Fourth International Conference on Network and System Security
Hybrid method for detecting masqueraders using session folding and hidden markov models
MICAI'06 Proceedings of the 5th Mexican international conference on Artificial Intelligence
Masquerade detection via customized grammars
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Improving host-based IDS with argument abstraction to prevent mimicry attacks
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Modeling user search behavior for masquerade detection
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Towards building a masquerade detection method based on user file system navigation
MICAI'11 Proceedings of the 10th Mexican international conference on Advances in Artificial Intelligence - Volume Part I
Expert Systems with Applications: An International Journal
Hi-index | 0.00 |
This paper presents a set of methods for building masquerade attacks. Each method takes into account the profile of the user to be impersonated, thus capturing an intruder strategy. Knowledge about user behavior is extracted from several statistics, including the frequency at which a user types a specific group of commands. It is then expressed by rules, which are applied to synthesize computer sessions that mimic the attack as ordinary user behavior. The masquerade attack datasets have been validated by making a set of Intrusion Detection Systems (IDS) try to detect user impersonation, this way showing the capabilities of each masquerade synthesis method for evading detection. Results demonstrate that a better performance of masquerade attacks can be obtained by using methods based on behavioral rules rather than those based only on a single statistic. Summing up, masquerade attacks exhibit a good strategy for bypassing an IDS.