Obfuscation of Malicious Behaviors for Thwarting Masquerade Detection Systems Based on Locality Features
Article Description
In recent years, dynamic user verification has become one of the basic pillars for insider threat detection. From these threats, the research presented in this paper focuses on masquerader attacks, a category of insiders characterized by being intentionally conducted by persons outside the organizat...
Authors: | Maestre Vidal, Jorge; Sotelo Monge, Marco Antonio |
---|---|
Format: | article |
Publication date: | 2020 |
Institution: | Universidad de Lima |
Repository: | ULIMA-Institucional |
Language: | English |
OAI Identifier: | oai:repositorio.ulima.edu.pe:20.500.12724/10834 |
Resource link: | https://hdl.handle.net/20.500.12724/10834 https://doi.org/10.3390/s20072084 |
Access level: | open access |
Subject: | Computer security; Data protection; https://purl.org/pe-repo/ocde/ford#2.02.04 |
id |
RULI_7fa9e2f7e542f244ecd5cb1658f8b178 |
---|---|
oai_identifier_str |
oai:repositorio.ulima.edu.pe:20.500.12724/10834 |
network_acronym_str |
RULI |
network_name_str |
ULIMA-Institucional |
repository_id_str |
3883 |
dc.title.en_EN.fl_str_mv |
Obfuscation of Malicious Behaviors for Thwarting Masquerade Detection Systems Based on Locality Features |
author |
Maestre Vidal, Jorge |
author_facet |
Maestre Vidal, Jorge Sotelo Monge, Marco Antonio |
author_role |
author |
author2 |
Sotelo Monge, Marco Antonio |
author2_role |
author |
dc.contributor.other.none.fl_str_mv |
Sotelo Monge, Marco Antonio |
dc.contributor.author.fl_str_mv |
Maestre Vidal, Jorge Sotelo Monge, Marco Antonio |
dc.subject.en_EN.fl_str_mv |
Computer security Data protection |
topic |
Computer security Data protection Protección de datos Seguridad informática https://purl.org/pe-repo/ocde/ford#2.02.04 |
dc.subject.es_PE.fl_str_mv |
Protección de datos Seguridad informática |
dc.subject.ocde.none.fl_str_mv |
https://purl.org/pe-repo/ocde/ford#2.02.04 |
description |
In recent years, dynamic user verification has become one of the basic pillars for insider threat detection. From these threats, the research presented in this paper focuses on masquerader attacks, a category of insiders characterized by being intentionally conducted by persons outside the organization that somehow were able to impersonate legitimate users. Consequently, it is assumed that masqueraders are unaware of the protected environment within the targeted organization, so it is expected that they move in a more erratic manner than legitimate users along the compromised systems. This feature makes them susceptible to being discovered by dynamic user verification methods based on user profiling and anomaly-based intrusion detection. However, these approaches are susceptible to evasion through the imitation of the normal legitimate usage of the protected system (mimicry), which is being widely exploited by intruders. In order to contribute to their understanding, as well as anticipating their evolution, the conducted research focuses on the study of mimicry from the standpoint of an uncharted terrain: the masquerade detection based on analyzing locality traits. With this purpose, the problem is widely stated, and a pair of novel obfuscation methods are introduced: locality-based mimicry by action pruning and locality-based mimicry by noise generation. Their modus operandi, effectiveness, and impact are evaluated by a collection of well-known classifiers typically implemented for masquerade detection. The simplicity and effectiveness demonstrated suggest that they entail attack vectors that should be taken into consideration for the proper hardening of real organizations. |
publishDate |
2020 |
dc.date.accessioned.none.fl_str_mv |
2020-05-05T16:17:36Z |
dc.date.available.none.fl_str_mv |
2020-05-05T16:17:36Z |
dc.date.issued.fl_str_mv |
2020 |
dc.type.none.fl_str_mv |
info:eu-repo/semantics/article |
dc.type.other.none.fl_str_mv |
Artículo en Scopus |
format |
article |
dc.identifier.citation.es_PE.fl_str_mv |
Maestre Vidal, J. y Sotelo Monge, M. A. (2020). Obfuscation of Malicious Behaviors for Thwarting Masquerade Detection Systems Based on Locality Features. Sensors, 20(7). https://doi.org/10.3390/s20072084 |
dc.identifier.issn.none.fl_str_mv |
14248220 |
dc.identifier.uri.none.fl_str_mv |
https://hdl.handle.net/20.500.12724/10834 |
dc.identifier.journal.none.fl_str_mv |
Sensors |
dc.identifier.isni.none.fl_str_mv |
0000000121541816 |
dc.identifier.doi.none.fl_str_mv |
https://doi.org/10.3390/s20072084 |
dc.identifier.scopusid.none.fl_str_mv |
2-s2.0-85083849678 |
url |
https://hdl.handle.net/20.500.12724/10834 https://doi.org/10.3390/s20072084 |
dc.language.iso.none.fl_str_mv |
eng |
language |
eng |
dc.relation.ispartof.none.fl_str_mv |
urn:issn:1424-8220 |
dc.relation.uri.none.fl_str_mv |
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7181010/ |
dc.rights.*.fl_str_mv |
info:eu-repo/semantics/openAccess |
dc.rights.uri.*.fl_str_mv |
https://creativecommons.org/licenses/by-nc-sa/4.0/ |
eu_rights_str_mv |
openAccess |
rights_invalid_str_mv |
https://creativecommons.org/licenses/by-nc-sa/4.0/ |
dc.format.none.fl_str_mv |
application/html |
dc.publisher.none.fl_str_mv |
NLM (Medline) |
dc.publisher.country.none.fl_str_mv |
CH |
publisher.none.fl_str_mv |
NLM (Medline) |
dc.source.none.fl_str_mv |
Repositorio Institucional - Ulima Universidad de Lima reponame:ULIMA-Institucional instname:Universidad de Lima instacron:ULIMA |
instname_str |
Universidad de Lima |
instacron_str |
ULIMA |
institution |
ULIMA |
reponame_str |
ULIMA-Institucional |
collection |
ULIMA-Institucional |
bitstream.url.fl_str_mv |
https://repositorio.ulima.edu.pe/bitstream/20.500.12724/10834/2/license_rdf https://repositorio.ulima.edu.pe/bitstream/20.500.12724/10834/3/license.txt |
bitstream.checksum.fl_str_mv |
8fc46f5e71650fd7adee84a69b9163c2 8a4605be74aa9ea9d79846c1fba20a33 |
bitstream.checksumAlgorithm.fl_str_mv |
MD5 MD5 |
repository.name.fl_str_mv |
Repositorio Universidad de Lima |
repository.mail.fl_str_mv |
repositorio@ulima.edu.pe |
_version_ |
1844709908985937920 |
Important note:
The information contained in this record is the sole responsibility of the institution that manages the institutional repository where this document or data set is held. CONCYTEC is not responsible for the contents (publications and/or data) accessible through the National Digital Repository of Science, Technology and Innovation of Open Access (ALICIA).