Detection of Insider Attack in Distributed Systems

The Insider (masquerade) attack, where an attacker takes on the identity of a authenticate user, such as valid usernames and passwords, to bypass safeguards ensuring confidentiality, integrity, and availability of information resources. Such attacks completely undermine traditional security mechanisms due to the trust imparted to user accounts once they have been authenticated. Attackers using valid credentials are difficult to detect without first generating a profile for the user credentials and then comparing user activity against established patterns. Many attempts have been made at detecting these attacks, yet achieving high levels of accuracy remains an open challenge. In this paper, we discuss the use the alignment algorithm to align sequences of monitored audit data with sequences known to have been produced by the user, the alignment algorithm can discover areas of similarity that indicates the presence or absence of masquerade attacks. This technique is evaluated against the data set comprised of truncated UNIX command sequences to detect masquerades based on the probability of commands

MoreLess

Year of publication:	2019
Authors:	Shaikh, Vikar
Other Persons:	Pattanshetti, Prof. Tanuja R (contributor)
Publisher:	[2019]: [S.l.] : SSRN
Subject:	Theorie \| Theory \| Vertriebsweg \| Distribution channel \| Insiderhandel \| Insider trading

Extent:	1 Online-Ressource (7 p)
Series:	Proceedings of International Conference on Communication and Information Processing (ICCIP) 2019
Type of publication:	Book / Working Paper
Language:	English
Notes:	Nach Informationen von SSRN wurde die ursprüngliche Fassung des Dokuments May 18, 2019 erstellt
Other identifiers:	10.2139/ssrn.3418487 [DOI]
Classification:	Y60 - Excerpts
Source:	ECONIS - Online Catalogue of the ZBW

Persistent link: https://www.econbiz.de/10012866825