Proactive Detection of Insider Attacks

Liebald, Benjamin; Roth, Dan; Shah, Neelay; Srikumar, Vivek

Permalink

https://hdl.handle.net/2142/11370 Copy

Description

Title

Proactive Detection of Insider Attacks

Author(s)

• Liebald, Benjamin
• Roth, Dan
• Shah, Neelay
• Srikumar, Vivek

Issue Date

2007-07

Keyword(s)

computer security

Abstract

Insider attacks are a significant threat to IT infrastructures and are difficult to detect. The problem is exacerbated if the attacker explicitly tries to masquerade as a legitimate user and evade detection. In this paper, we describe a novel approach for detecting these attacks, where the intrusion detection system (IDS) proactively influences the user's perception of the system. The IDS does so by switching among a set of situational contexts and observing the user's reaction to these changes. This is done in a way that poses no significant problem to legitimate users, but creates difficulties for attackers that have learned the system in specific contexts, and therefore cannot improvise well enough to avoid being detected. We present a framework for a generic proactive IDS that shows promising experimental results, suggesting that this method can indeed be effective in detecting masquerade attacks in a variety of domains. We also present an implementation of this idea in a behavioral biometrics domain, where we show that making the IDS proactive enables detection of masquerades.

Type of Resource

text

Permalink

http://hdl.handle.net/2142/11370

Copyright and License Information

You are granted permission for the non-commercial reproduction, distribution, display, and performance of this technical report in any format, BUT this permission is only for a period of 45 (forty-five) days from the most recent time that you verified that this technical report is still available from the University of Illinois at Urbana-Champaign Computer Science Department under terms that include this permission. All other rights are reserved by the author(s).

Owning Collections