Files in this item



application/pdfProactive Detection of Insider Attacks.pdf (221kB)
(no description provided)PDF


Title:Proactive Detection of Insider Attacks
Author(s):Liebald, Benjamin; Roth, Dan; Shah, Neelay; Srikumar, Vivek
Subject(s):computer security
Abstract:Insider attacks are a significant threat to IT infrastructures and are difficult to detect. The problem is exacerbated if the attacker explicitly tries to masquerade as a legitimate user and evade detection. In this paper, we describe a novel approach for detecting these attacks, where the intrusion detection system (IDS) proactively influences the user's perception of the system. The IDS does so by switching among a set of situational contexts and observing the user's reaction to these changes. This is done in a way that poses no significant problem to legitimate users, but creates difficulties for attackers that have learned the system in specific contexts, and therefore cannot improvise well enough to avoid being detected. We present a framework for a generic proactive IDS that shows promising experimental results, suggesting that this method can indeed be effective in detecting masquerade attacks in a variety of domains. We also present an implementation of this idea in a behavioral biometrics domain, where we show that making the IDS proactive enables detection of masquerades.
Issue Date:2007-07
Genre:Technical Report
Other Identifier(s):UIUCDCS-R-2007-2879
Rights Information:You are granted permission for the non-commercial reproduction, distribution, display, and performance of this technical report in any format, BUT this permission is only for a period of 45 (forty-five) days from the most recent time that you verified that this technical report is still available from the University of Illinois at Urbana-Champaign Computer Science Department under terms that include this permission. All other rights are reserved by the author(s).
Date Available in IDEALS:2009-04-22

This item appears in the following Collection(s)

Item Statistics