Abstract
Compromised user credential (CUC) is an activity in which someone, such as a thief, cyber-criminal or attacker, gains access to your login credentials for the purpose of theft, fraud, or business disruption. It has become an alarming issue for various organizations. It is crucial not only for information technology (IT) oriented institutions using database management systems (DBMSs) but also for competitive and sensitive organizations, where faulty data is more difficult to clean up. Various well-known risk mitigation techniques have been developed, such as authentication, authorization, and fraud detection. However, none of these methods can efficiently detect compromised legitimate users’ credentials, because cyber-criminals gain access to legitimate users’ accounts through trusted relationships with the account owner. This study focuses on handling CUC in time to avoid the larger-scale damage incurred by cyber-criminals. The proposed approach can efficiently detect CUC in a live database by analyzing and comparing the user’s current and past operational behavior. This novel approach combines prudent analysis, ripple down rules and simulated experts. The experiments are carried out on data collected over 6 months from a sensitive live DBMS. The results show that the proposed approach detects CUC with 97% overall accuracy and a 2.013% overall error rate. Moreover, it also provides decision or policy makers with useful information about compromised users’ activities, indicating, based on a prevalence value, which users are more critical and require more consideration than less crucial ones.
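The abstract describes detecting CUC by comparing a user's current database activity against a profile of that user's past operational behavior, reporting an overall accuracy and error rate and a per-user prevalence value. The Python sketch below is an added illustration of that baseline-comparison idea and is not the paper's implementation: the paper's prudent analysis, ripple down rules and simulated experts are not reproduced, the audit records are constructed sample data, and the three-attribute deviation score and the threshold of 2 are assumptions chosen for the example.

```python
"""Behavioural-baseline comparison for compromised-credential detection.

Added example, not the paper's code. A per-user profile is built from past
DBMS audit records (operation, table, time-of-day window); each new action is
scored by how many of those attributes the user has never exhibited before,
and actions at or above a threshold are flagged. Accuracy, error rate and a
per-user prevalence value are then computed on labelled current records.
All records here are constructed sample data.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass, field


@dataclass
class Profile:
    ops: Counter = field(default_factory=Counter)
    tables: Counter = field(default_factory=Counter)
    windows: Counter = field(default_factory=Counter)  # 4-hour windows, 0..5
    actions: int = 0


# Constructed historical audit records: (user, operation, table, hour, rows)
HISTORY = [
    ("alice", "SELECT", "orders", 9, 120),
    ("alice", "SELECT", "orders", 10, 80),
    ("alice", "UPDATE", "orders", 11, 3),
    ("alice", "SELECT", "customers", 14, 60),
    ("alice", "SELECT", "orders", 15, 95),
    ("bob", "SELECT", "inventory", 8, 300),
    ("bob", "INSERT", "inventory", 9, 20),
    ("bob", "SELECT", "inventory", 16, 250),
    ("bob", "UPDATE", "inventory", 17, 5),
]

# Constructed current records with ground-truth labels (True = compromised).
CURRENT = [
    ("alice", "SELECT", "orders", 9, 110),     # routine
    ("alice", "DELETE", "payroll", 2, 4000),   # unseen op, table and window
    ("alice", "SELECT", "customers", 13, 50),  # routine
    ("bob", "SELECT", "inventory", 8, 280),    # routine
    ("bob", "SELECT", "payroll", 3, 5000),     # unseen table and window
    ("bob", "DELETE", "inventory", 22, 1),     # legitimate late clean-up
]
LABELS = [False, True, False, False, True, False]


def build_profiles(records):
    """Aggregate each user's past operations, tables and time windows."""
    profiles = defaultdict(Profile)
    for user, op, table, hour, _rows in records:
        p = profiles[user]
        p.ops[op] += 1
        p.tables[table] += 1
        p.windows[hour // 4] += 1
        p.actions += 1
    return profiles


def deviation_score(profile, op, table, hour):
    """Number of attributes of the action (0..3) never seen for this user."""
    unseen = [profile.ops[op] == 0,
              profile.tables[table] == 0,
              profile.windows[hour // 4] == 0]
    return sum(unseen)


def classify(profiles, current, threshold=2):
    """Return (user, flagged) per action; an unknown user scores maximally."""
    results = []
    for user, op, table, hour, _rows in current:
        prof = profiles.get(user)
        score = 3 if prof is None else deviation_score(prof, op, table, hour)
        results.append((user, score >= threshold))
    return results


def evaluate(predicted, labels):
    """Overall accuracy and error rate (error rate = 1 - accuracy here)."""
    correct = sum(1 for p, l in zip(predicted, labels) if p == l)
    accuracy = correct / len(labels)
    return accuracy, 1.0 - accuracy


def prevalence(results):
    """Fraction of each user's current actions that were flagged."""
    flagged = Counter(u for u, f in results if f)
    total = Counter(u for u, _ in results)
    return {u: flagged[u] / total[u] for u in total}


def rank_users(results):
    """Users ordered from most to least critical by prevalence value."""
    prev = prevalence(results)
    return sorted(prev, key=lambda u: prev[u], reverse=True)


if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    results = classify(profiles, CURRENT)
    acc, err = evaluate([f for _, f in results], LABELS)
    print(f"accuracy={acc:.3f} error_rate={err:.3f}")
    print("prevalence:", prevalence(results))
    print("most critical first:", rank_users(results))
```

On the constructed data the late-night `DELETE` by bob is a false positive, which is what the error rate captures; the prevalence ranking still places bob above alice because two of his three current actions were flagged. A real deployment would derive attributes from the DBMS audit trail and tune the threshold on labelled history rather than fixing it at 2.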
Cite this article
Amin, A., Shah, B., Anwar, S. et al. A prudent based approach for compromised user credentials detection. Cluster Comput 21, 423–441 (2018). https://doi.org/10.1007/s10586-017-0878-4