Masquerade mimicry attack detection: A randomised approach

Computers and Security

Volumn 30, Issue 5, 2011, Pages 297-310

  Tapiador, Juan E ^a   Clark, John A ^a  

^a UNIVERSITY OF YORK   (United Kingdom)

Author keywords

Anomaly detection; Insider threats; Kullback Leibler divergence; Masqueraders; Mimicry attacks

Indexed keywords

COMPUTER SCIENCE; SECURITY OF DATA;

ANOMALY DETECTION; INSIDER THREAT; KULLBACK LEIBLER DIVERGENCE; MASQUERADERS; MIMICRY ATTACKS;

BEHAVIORAL RESEARCH;

EID: 79960838421     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2011.05.004     Document Type: Article

References (50)

1. M. Ben Salem, and S. Stolfo Masquerade attack detection using a search-behavior modeling approach 2009 Columbia University, Computer Science Department Technical report CUCS-027-09
2. M. Ben Salem, S. Hershkop, and S. Stolfo A survey of insider attack detection research Insider attack and cyber security: beyond the hacker 2008 Springer
3. M. Bertacchini, and P.I. Fierens Preliminary results on masquerader detection using compression-based similarity metrics Electron J SADIO 7 1 2007
4. B. Biggio, G. Fumera, and F. Roli Adversarial pattern classification using multiple classifiers and randomisation. Structutal, syntactic, and statistical pattern recognition LNCS 5342 2008 500 509
5. B.M. Bowen, M. Ben Salem, S. Hershkop, A.D. Keromytis, and S.J. Stolfo Designing host and network sensors to mitigate the insider threat IEEE Security & Privacy Nov/Dec 2009 22 29
6. D.D. Caputo, G.D. Stephens, and M.A. Maloof Detecting insider theft of trade secrets IEEE Security & Privacy Nov/Dec 2009 14 21
7. Chan-Tin E, Feldman D, Hopper N, and Kim Y, The frog-boiling attack: limitations of anomaly detection for secure network coordinate systems. In: Secure Comm; 2009.
8. Chen L and Dong G, Masquerader detection using OCLEP: one-class classification using Legth statistics of emerging patterns. In: WAIMW; 2006. p. 5.
9. Delvi N, Domingos P, Mausam S, Sanghai S and Verma D, Adversarial classification. In: ACM KDD; 2004. pp. 98-108.
10. F.A. Durán, S.H. Conrad, G.N. Conrad, D.P. Duggan, and E.B. Held Building a system for insider security IEEE Security & Privacy Nov/Dec 2009 30 38
11. J.A. Endler An overview of the relationships between mimicry and crypsis Biol J Linnean Soc 16 1 1981 25 31
12. Estevez-Tapiador JM, Garcia-Teodoro P and Diaz-Verdejo JE, Stochastic protocol modeling for anomaly-based network intrusion detection. In: IWIA; 2003. pp. 3-12.
13. Estevez-Tapiador JM, Garcia-Teodoro P and Diaz-Verdejo JE, Detection of web-based attacks through Markovian Protocol Parsing. In: ISCC; 2005. pp. 457-462. (Pubitemid 41543313)
14. Evans S, Eiland E, Markham S, Impson J, and Laczo A, MDL compress for intrusion detection: signature Inference and masquerade attack. In: MILCOM; 2007. pp. 1-7.
15. Fogla P and Lee W, Evading network anomaly detection systems: formal reasoning and practical techniques. In: CCS; 2006. pp. 59-68. (Pubitemid 47131356)
16. Fogla P, Sharif M, Perdisci R, Kolesnikov O, and Lee W, Polymorphic blending attacks. In: 15th USENIX Security Symposium; 2006.
17. Forrest S, Perelson AS, Allen L, and Cherukuri R, Self-nonself discrimination in a computer. In: IEEE Symp. Security and Privacy; 1994.
18. Forrest S, Hofmeyr SA, Somayaji A and.Longstaff TA, A sense of self for Unix processes. In: IEEE Symp. Security and Privacy; 1996.
19. Gao D, Reiter MK and Song D, On Gray-Box Program tracking for anomaly detection. In: USENIX Security Symposium; 2004.
20. M. Gebski, and R.K. Wong Intrusion detection via analysis and modelling of user commands DAWAK, LNCS Vol. 3589 2005 Springer-Verlag 388 397 (Pubitemid 41450419)
21. Giffin JT, Jha S and Miller BP, Automated discovery of mimicry attacks. In: RAID; 2006.
22. T. Hastie, R. Tibshirani, and J. Friedman The elements of statistical learning: data mining, inference, and prediction 2nd ed. 2009 Springer-Verlag
23. S. Hofmeyr, S. Forrest, and A. Somayaji Intrusion detection using sequences of system calls J Comput Security 6 1998 151 180
24. M.C. Jason Program Office Horizontal integration: broader access models for realizing information dominance Technical Report JSR-04-132 Dec 2004 The MITRE Corporation, JASON Program Office Mclean, Virginia http://www.fas.org/irp/ agency/dod/jason/classpol.pdf
25. Kayacik HG, Zincir-Heywood AN and Heywood MI, Automatically evading IDS using GP authored attacks. In: IEEE Conf. on Computational Intelligence for Security and Defense Applications; 2007.
26. Kearns M and Li M, Learning in the presence of malicious errors. In: Proc. ACM Symposium on Theory of computing; 1988. pp. 267-280.
27. Killourhy KS and Maxion RA, Toward realistic and artifact-free insider-threat data. In: ACSAC; 2007. pp. 87-96.
28. Kruegel C, Toth T and Kirda E, Service specific anomaly detection for network intrusion detection. In: SAC; 2002. pp. 201-208. (Pubitemid 35009592)
29. Kruegel C, Kirda E, Mutz D, Robertson W, and Vigna G, Automating mimicry attacks using static binary analysis. In: USENIX Security Symposium; 2005.
30. M. Latendresse Masquerade detection via customized grammars DIMVA 2005, LNCS Vol. 3548 2005 Springer-Verlag 141 159 (Pubitemid 41430271)
31. Lowd D and Meek C, Adversarial learning. In: ACM KDD; 2005.
32. Mahoney M and Chan PK, Learning nonstationary models of normal network traffic for etecting novel attacks. In: Proc. SIGKDD; 2002.
33. Mahoney M, Network traffic anomaly detection based on packet bytes. In: Proc. ACM SAC; 2003.
34. Maxion RA and Townsend TN, Masquerade detection using truncated command lines. In: DSN; 2002. pp. 219-228.
35. Maxion RA, Masquerade detection using enriched command Lines. In: DSN; 2003. pp. 5-14.
36. M. Oka, Y. Oyama, H. Abe, and K. Kato Anomaly detection using layered networks based on Eigen co-occurrence matrix RAID 2004, LNCS Vol. 3224 2004 Springer-Verlag 223 237 (Pubitemid 39741896)
37. S.L. Pfleeger, and S.J. Stolfo Addressing the insider threat IEEE Security & Privacy Nov/Dec 2009 10 13
38. Posadas R, Mex-Perera JC, Monroy R, Nolazco-Flores JA, Hybrid method for detecting masqueraders using session folding and hidden Markov models. In: Proc. 5th Mexican Intl. Conf. on Artificial Intelligence; 2006. pp. 622-631. (Pubitemid 46030660)
39. M. Schonlau, W. DuMouchel, W.-H. Ju, A.F. Karr, M. Theus, and Y. Vardi Computer intrusion: detecting masquerades Stat Sci 16 1 Feb 2001 58 74 (Pubitemid 33632847)
40. Sommer R and Paxson V, Outside the closed world: on using machine learning for network intrusion detection. In: IEEE Symposium on Security and Privacy; 2010.
41. Tan K, McHugh J and Killourhy KS, Hiding intrusions: from the abnormal to the normal and beyond. In: Proc. 5th Information Hiding Workshop; 2002.
42. Tan KMC, Killourhy KS and Maxion RA, Undermining an anomaly-based intrusion detection systems using common exploits. In: RAID;2002.
43. Tapiador JE and Clark JA, Information-theoretic detection of mimicry masquerade attacks. In: NSS; 2010. pp. 5-13.
44. Wagner D and Dean R, Intrusion detection via static analysis. In: Proc. of the 2001 IEEE Symposium on Security and Privacy; 2001. pp. 156-168. (Pubitemid 32882634)
45. Wagner D and Soto P, Mimicry attacks on host-based Intrusion detection systems. In: ACM CCS; 2002.
46. Wang K and Stolfo S, One-class training for masquerade detection. In: ICDM Workshop on Data Mining for Computer Security; 2003.
47. Wang K and Stolfo S, Anomalous payload-based network intrusion detection. In: RAID; 2004.
48. Wang K and Stolfo S, Anomalous payload-based worm detection and signature generation. In: RAID; 2005.
49. Warrender C, Forrest S and Pearlmutter B, Detecting intrusions using system calls: alternative data models. In: IEEE Symposium on Security and Privacy; 1999.
50. Y. Zhou, Z. Jorgensen, and M. Inge Combating good word attacks on statistical spam filters with multiple instance learning IEEE ICTAI 2007 298 305