
A prudent based approach for compromised user credentials detection

Cluster Computing

Abstract

Compromised user credentials (CUC) are login credentials that someone other than their owner, such as a thief, cyber-criminal or attacker, has obtained and uses for theft, fraud or business disruption. The problem has become alarming for organizations of many kinds. It matters not only to information technology (IT) oriented institutions that run database management systems (DBMSs) but also to competitive and sensitive organizations, where faulty data is much harder to clean up after the fact. Well-known risk mitigation techniques such as authentication, authorization and fraud detection exist, but none of them efficiently detects a legitimate user's credentials once they have been compromised: a cyber-criminal who holds the credentials is trusted exactly as the account owner is, so the usual checks pass. This study focuses on detecting CUC in time to limit the damage the cyber-criminal can do. The proposed approach detects CUC in a live database by analysing the user's current operational behaviour and comparing it with that user's past behaviour. The approach combines prudence analysis, ripple-down rules and simulated experts. The experiments use data collected over 6 months from a sensitive live DBMS. The results show that the proposed approach detects CUC with 97% overall accuracy and a 2.013% overall error rate. It also gives decision and policy makers useful information about compromised users' activities, ranking users by a prevalence value so that the more critical users receive more attention than the less critical ones.
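The abstract names three ingredients: a comparison of a user's current DBMS operations against that user's past behaviour, a ripple-down-rule (RDR) knowledge base that classifies the resulting case, and a prudence check that warns when a case lies outside the experience the knowledge base was built on. The Python sketch below is an added illustration of how those three pieces fit together; it is not the authors' code and does not reproduce the paper's simulated-expert evaluation. The audit records, the three deviation features, the hand-written rules, their thresholds and their cornerstone cases are all hypothetical.

```python
# Illustrative behaviour-baseline check with a single-classification ripple-down-rule
# (SCRDR) knowledge base and a prudence check. Everything here is made up for the example.
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed DBMS audit records: (user, hour_of_day, operation, table, rows_touched).
PAST_LOG = [
    ("alice", 9, "SELECT", "orders", 40), ("alice", 10, "UPDATE", "orders", 3),
    ("alice", 14, "SELECT", "customers", 25), ("alice", 16, "SELECT", "orders", 60),
    ("bob", 8, "SELECT", "inventory", 200), ("bob", 11, "INSERT", "inventory", 5),
    ("bob", 17, "SELECT", "inventory", 150),
]
CURRENT_LOG = [
    ("alice", 3, "SELECT", "customers", 5000),   # 03:00 bulk read of a known table
    ("alice", 22, "SELECT", "orders", 30),       # late, but otherwise routine
    ("bob", 9, "SELECT", "inventory", 180),      # in line with history
    ("bob", 10, "DELETE", "payroll", 1),         # table and operation never used before
    ("carol", 12, "SELECT", "orders", 10),       # no history at all
]

@dataclass
class Profile:
    hours: set = field(default_factory=set)
    ops: set = field(default_factory=set)       # (operation, table) pairs
    max_rows: int = 0

def build_profiles(records):
    """Past behaviour per user: hours active, operations performed, largest result."""
    profiles = {}
    for user, hour, op, table, rows in records:
        p = profiles.setdefault(user, Profile())
        p.hours.add(hour)
        p.ops.add((op, table))
        p.max_rows = max(p.max_rows, rows)
    return profiles

def make_case(profile, record):
    """Express one current record as deviations from that user's past behaviour."""
    _, hour, op, table, rows = record
    return {
        "off_hours": not (min(profile.hours) - 1 <= hour <= max(profile.hours) + 1),
        "unseen_op": (op, table) not in profile.ops,
        "rows_ratio": rows / max(profile.max_rows, 1),
    }

@dataclass
class Rule:
    cond: Callable[[dict], bool]
    conclusion: str
    seen: dict = field(default_factory=dict)   # attribute -> values/range of cornerstone cases
    exc: Optional["Rule"] = None               # tried when this rule fires (refinement)
    alt: Optional["Rule"] = None               # tried when this rule does not fire

def record_case(rule, case):
    """Remember the cases a rule was justified on; prudence compares against these."""
    for attr, val in case.items():
        if isinstance(val, bool):              # bool before number: bool is an int subclass
            rule.seen.setdefault(attr, set()).add(val)
        else:
            lo, hi = rule.seen.get(attr, (val, val))
            rule.seen[attr] = (min(lo, val), max(hi, val))

def classify(root, case):
    """SCRDR inference: walk the tree; the last rule that fires gives the conclusion."""
    node, fired = root, None
    while node is not None:
        if node.cond(case):
            fired, node = node, node.exc
        else:
            node = node.alt
    return fired

def prudence_warnings(rule, case):
    """Flag attribute values the deciding rule was never validated on."""
    out = []
    for attr, val in case.items():
        seen = rule.seen.get(attr)
        if seen is None:
            out.append(f"{attr}: rule has no cornerstone case")
        elif isinstance(val, bool):
            if val not in seen:
                out.append(f"{attr}={val} never seen by this rule")
        elif not seen[0] <= val <= seen[1]:
            out.append(f"{attr}={val:.2f} outside seen range [{seen[0]:.2f}, {seen[1]:.2f}]")
    return out

def build_kb():
    """Hand-built KB standing in for expert-acquired rules; cornerstone cases are invented."""
    def rule(cond, conclusion, *cornerstones):
        r = Rule(cond, conclusion)
        for off, unseen, ratio in cornerstones:
            record_case(r, {"off_hours": off, "unseen_op": unseen, "rows_ratio": ratio})
        return r
    root = rule(lambda c: True, "legitimate", (False, False, 0.0), (False, False, 1.0))
    bulk = rule(lambda c: c["rows_ratio"] > 10, "suspicious: bulk extraction",
                (False, False, 12.0), (False, False, 50.0))
    bulk_off = rule(lambda c: c["off_hours"], "compromised: off-hours bulk extraction",
                    (True, False, 15.0), (True, False, 40.0))
    new_op = rule(lambda c: c["unseen_op"], "suspicious: operation never performed before",
                  (False, True, 0.0), (False, True, 1.0))
    root.exc, bulk.exc, bulk.alt = bulk, bulk_off, new_op
    return root

def assess(profiles, kb, record):
    user = record[0]
    if user not in profiles:                   # no baseline: the KB cannot judge this at all
        return {"user": user, "conclusion": "unknown: no behavioural baseline",
                "warnings": ["no history for user"]}
    case = make_case(profiles[user], record)
    rule = classify(kb, case)
    return {"user": user, "conclusion": rule.conclusion,
            "warnings": prudence_warnings(rule, case)}

def run(past=PAST_LOG, current=CURRENT_LOG):
    profiles, kb = build_profiles(past), build_kb()
    return [assess(profiles, kb, rec) for rec in current]

if __name__ == "__main__":
    for r in run():
        print(f"{r['user']:6} {r['conclusion']:45} prudence: {r['warnings'] or 'ok'}")
```

Two of the five constructed records show what prudence adds over plain classification: alice's 22:00 read is concluded "legitimate" by the default rule, but the check reports that no cornerstone case behind that rule was ever off-hours, so the verdict is flagged for expert review rather than trusted; her 03:00 bulk read is classified as compromised, with a warning that the extraction ratio is far beyond anything the rule was built on. A user with no baseline at all gets no conclusion, since there is nothing to compare against.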





Correspondence to Adnan Amin.


Cite this article

Amin, A., Shah, B., Anwar, S. et al. A prudent based approach for compromised user credentials detection. Cluster Comput 21, 423–441 (2018). https://doi.org/10.1007/s10586-017-0878-4
