Experimenting with masquerade detection via user task usage

  • Original Paper
  • International Journal on Interactive Design and Manufacturing (IJIDeM)

Abstract

Detecting whether a given activity on a device corresponds to a legitimate device user or not is usually carried out by looking for deviations in behavior against a normal usage baseline. One approach to this problem, called masquerade detection, uses file system navigation information, comprising the files, folders, and how the user navigates between them, to construct the normal usage baseline. Atop the file system navigation approach for masquerade detection, there is an alternate representation of file system usage which abstracts away a collection of interrelated files into a single symbol, denoting a task; thus, touching any of these files amounts simply to executing a task. In this paper, we propose a refined notion of the task abstraction, which allows for a better characterization of the user. The improved abstraction makes it possible to obtain a better Masquerade Detection System with increased efficiency, resulting in faster detection of masqueraders.

Acknowledgements

We thank the members of the GIEE-ML group at Tecnológico de Monterrey for providing useful suggestions and advice on this research. J. Rodríguez is currently supported by CONACYT scholarship 376099.

Author information

Corresponding author

Correspondence to Jorge Rodríguez.

About this article

Cite this article

Rodríguez, J., Cañete, L., Monroy, R. et al. Experimenting with masquerade detection via user task usage. Int J Interact Des Manuf 11, 771–784 (2017). https://doi.org/10.1007/s12008-016-0360-1

  • DOI: https://doi.org/10.1007/s12008-016-0360-1
