IFIP Annual Conference on Data and Applications Security and Privacy

DBSec 2012: Data and Applications Security and Privacy XXVI, pp 255–262

Layered Security Architecture for Masquerade Attack Detection

  • Hamed Saljooghinejad &
  • Wilson Naik Bhukya
Part of the Lecture Notes in Computer Science book series (LNISA, volume 7371)

Abstract

A masquerade attack is an attack that uses a fake identity to gain unauthorized access to personal computer information through legitimate access identification. Automatic discovery of masqueraders is sometimes undertaken by detecting significant departures from normal user behavior. If a user's current behavior deviates from their normal profile, it could signal an ongoing masquerade attack. In this paper we propose a new framework that captures data comprehensively by collecting it at different layers across multiple applications. Our approach generates feature vectors that contain the output of analysis across multiple layers, such as Window Data, Mouse Data, Keyboard Data, Command Line Data, File Access Data and Authentication Data. We evaluated our approach in several experiments with a significant number of participants. Our experimental results show better detection rates with acceptable false positives, a level of accuracy that none of the earlier approaches has achieved so far.

Keywords

  • Masquerade Detection
  • Intrusion Detection System
  • Anomaly Detection
  • User Profiling

Author information

Authors and Affiliations

  1. Department of Computer and Information Science, University of Hyderabad, Hyderabad, India

    Hamed Saljooghinejad & Wilson Naik Bhukya

Editor information

Editors and Affiliations

  1. Télécom Bretagne, Campus de Rennes 2, rue de la Châtaigneraie, 35512, Cesson Sévigné Cedex, France

    Nora Cuppens-Boulahia, Frédéric Cuppens & Joaquin Garcia-Alfaro

Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Saljooghinejad, H., Bhukya, W.N. (2012). Layered Security Architecture for Masquerade Attack Detection. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds) Data and Applications Security and Privacy XXVI. DBSec 2012. Lecture Notes in Computer Science, vol 7371. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31540-4_19

  • DOI: https://doi.org/10.1007/978-3-642-31540-4_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31539-8

  • Online ISBN: 978-3-642-31540-4

  • eBook Packages: Computer Science, Computer Science (R0)
