Abstract
Different from outside attacks, malicious insiders steal sensitive data or sabotage information systems through misuse of privilege or identity theft (masquerader). These attacks, which are very hard to detect, can cause considerable damages to the organization. Most previous detection methods are based on single observable, which can find insider attacks to some extent; as for intent analysis, their usage seems to be limited. In this paper, we monitor users’ various observables on host, and then build a new framework based on data fusion technique to locate this situation. Our framework is more precise for masquerader detection and capable of analyzing attack intents.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Afghan War Diary, 2004-2010 (July 2010), http://wikileaks.org/wiki/Afghan_War_Diary,_2004-2010
Cyber-Insider Threat (CINDER) (2010), http://www.darpa.mil/Our_Work/I2O/Programs/Cyber-Insider_Threat_CINDER.aspx
Yampolskiy, R.V.: Human computer interaction based intrusion detection. IEEE (2007)
Salem, M., Stolfo, S.: Modeling user search behavior for masquerade detection. Springer (2011)
Hall, D.L., Llinas, J.: An introduction to multisensor data fusion. Proceedings of the IEEE 85(1), 6–23 (1997)
Parker, D.B.: Fighting computer crime: A new framework for protecting information. John Wiley & Sons, Inc. (1998)
Magklaras, G., Furnell, S.: Insider threat prediction tool: Evaluating the probability of IT misuse. Computers & Security 21(1), 62–73 (2001)
Process Monitor v3.01 (2012), http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
Dowland, P., Furnell, S., Papadaki, M.: Keystroke analysis as a method of advanced user authentication and response. Kluwer, BV (2002)
Pusara, M., Brodley, C.E.: User re-authentication via mouse movements. ACM (2004)
Bass, T.: Intrusion detection systems and multisensor data fusion. Communications of the ACM 43(4), 99–105 (2000)
Ning, P., Cui, Y., Reeves, D.S.: Constructing attack scenarios through correlation of intrusion alerts. ACM (2002)
Yang, S.J., et al.: High level information fusion for tracking and projection of multistage cyber attacks. Information Fusion 10(1), 107–121 (2009)
Matzner, S.N.: Approaches to Insider Threat Mitigation. ISSA Journal, 6–8 (2004)
Feng, Z.N.D.: Situation Assessment and Threat Assessment Technique in Data Fusion. Electronic Warfare 1 (2007)
Maybury, M.: Analysis and detection of malicious insiders. DTIC Document (2005)
Tang, K., Zhao, M., Zhou, M.: Cyber Insider Threats Situation Awareness Using Game Theory and Information Fusion-based User Behavior Predicting Algorithm. Journal of Information & Computational Science 8(3), 529–545 (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Xiaojun, C., Jinqiao, S., Yiguo, P., Haoliang, Z. (2013). An Intent-Driven Masquerader Detection Framework Based on Data Fusion. In: Yuan, Y., Wu, X., Lu, Y. (eds) Trustworthy Computing and Services. ISCTCS 2012. Communications in Computer and Information Science, vol 320. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35795-4_57
Download citation
DOI: https://doi.org/10.1007/978-3-642-35795-4_57
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35794-7
Online ISBN: 978-3-642-35795-4
eBook Packages: Computer ScienceComputer Science (R0)