6 research outputs found

    A Study on Masquerade Detection

    In modern computer systems, usernames and passwords have been by far the most common forms of authentication. A security system relying only on password protection is defenseless when the passwords of legitimate users are compromised. A masquerader can impersonate a legitimate user by using a compromised password. An intrusion detection system (IDS) can provide an additional level of protection for a security system by inspecting user behavior. In terms of detection techniques, there are two types of IDSs: signature-based detection and anomaly-based detection. An anomaly-based intrusion detection technique consists of two steps: 1) creating a normal behavior model for legitimate users during the training process, 2) analyzing user behavior against the model during the detection process. In this project, we concentrate on masquerade detection, a specific type of anomaly-based IDS. We have first explored suitable techniques to build a normal behavior model for masquerade detection. After studying two existing modeling techniques, N-gram frequency and hidden Markov models (HMMs), we have developed a novel approach based on profile hidden Markov models (PHMMs). Then we have analyzed these three approaches using the classical Schonlau data set. To find the best detection results, we have also conducted sensitivity analysis on the modeling parameters. However, we have found that our proposed PHMMs do not outperform the corresponding HMMs. We conjectured that the Schonlau data set lacked the position information required by the PHMMs. To verify this conjecture, we have also generated several data sets with position information. Our experimental results show that when there is no sufficient training data, the PHMMs yield considerably better detection results than the corresponding HMMs since the generated position information is significantly helpful for the PHMMs.

    Masquerade Detection Based On UNIX Commands

    In this paper, we consider the problem of masquerade detection based on a UNIX system. A masquerader is an intruder who tries to remain undetected by impersonating a legitimate user. Masquerade detection is a special case of the general intrusion detection problem. We have collected data from a large number of users. This data includes information on user commands and a variety of other aspects of user behavior that can be used to construct a profile of a given user. Hidden Markov models have been used to train user profiles, and the various attack strategies have been analyzed. The results are compared to a standard dataset that offers a more limited view of user behavior.

    Masquerade Detection in Automotive Security

    In this paper, we consider intrusion detection systems (IDS) in the context of a controller area network (CAN), which is also known as the CAN bus. We provide a discussion of various IDS topics, including masquerade detection, and we include a selective survey of previous research involving IDS in a CAN network. We also discuss background topics and relevant practical issues, such as data collection on the CAN bus. Finally, we present experimental results where we have applied a variety of machine learning techniques to CAN data. We use both actual and simulated data in order to detect the status of a vehicle from its network packets as well as detect masquerade behavior on a vehicle network.

    Anomaly recognition for intrusion detection on emergent monitoring environments

    Unpublished thesis of the Universidad Complutense de Madrid, Facultad de Informática, Departamento de Ingeniería del Software e Inteligencia Artificial, defended on 19/12/2018. The security of information and cyberspace has become a fundamental component of the support that guarantees progress towards the main challenges posed by the information society and the new technologies. But despite progress in this research field, the effectiveness of the attacks against information systems has increased dramatically in recent years. This is due to different reasons: firstly, more and more users make use of information technologies to carry out activities that involve exchanges of sensitive data. On the other hand, attackers have an increasing amount of means at their disposal for executing intrusion attempts. Finally, of particular relevance is the evolution of the protected environment, which is fostered by technological advances, hence giving rise to much more sophisticated computer systems, with greater processing capacity and which are able to handle massive information provided by sources of varying nature...