Author: Mayuri M More
Date of Publication: 20th April 2018
Abstract: Insider data theft attacks are caused by a masquerader who steals a real user's credentials and uses them to mimic the authenticated user and carry out malicious activities. Prior work focuses on user behavior profiling techniques and baiting techniques, but profiling user behavior using a single modeling technique suffers from a considerable number of false positives. Also, decoys are stored at noticeable locations instead of being generated automatically, an approach that may not give the detection system significant accuracy. The proposed system will extend prior work and present an inbuilt detection mechanism in which behavior profiling is done by a combination of more than one classifier, each using a different modeling technique, to decrease the false positive rate. Along with this, the system will include a baiting approach based on automated generation of demand decoy documents on the user's file system and user authentication by challenge questions, to provide more accuracy. The proposed system could give a powerful protection mechanism against malicious insider data theft attacks.