Proactive Detection of Insider Attacks

Insider attacks are a significant threat to IT infrastructures and are difficult to detect. The problem is exacerbated if the attacker explicitly tries to masquerade as a legitimate user and evade detection. In this paper, we describe a novel approach for detecting these attacks, where the intrusion detection system (IDS) proactively influences the user’s perception of the system. The IDS does so by switching among a set of situational contexts and observing the user’s reaction to these changes. This is done in a way that poses no significant problem to legitimate users, but creates difficulties for attackers that have learned the system in specific contexts, and therefore cannot improvise well enough to avoid being detected. We present a framework for a generic proactive IDS that shows promising experimental results, suggesting that this method can indeed be effective in detecting masquerade attacks in a variety of domains. We also present an implementation of this idea in a behavioral biometrics domain, where we show that making the IDS proactive enables detection of masquerades.
