scholarly journals Obfuscation of Malicious Behaviors for Thwarting Masquerade Detection Systems Based on Locality Features

Sensors ◽  
2020 ◽  
Vol 20 (7) ◽  
pp. 2084 ◽  
Author(s):  
Jorge Maestre Vidal ◽  
Marco Antonio Sotelo Monge

In recent years, dynamic user verification has become one of the basic pillars for insider threat detection. From these threats, the research presented in this paper focuses on masquerader attacks, a category of insiders characterized by being intentionally conducted by persons outside the organization that somehow were able to impersonate legitimate users. Consequently, it is assumed that masqueraders are unaware of the protected environment within the targeted organization, so it is expected that they move in a more erratic manner than legitimate users along the compromised systems. This feature makes them susceptible to being discovered by dynamic user verification methods based on user profiling and anomaly-based intrusion detection. However, these approaches are susceptible to evasion through the imitation of the normal legitimate usage of the protected system (mimicry), which is being widely exploited by intruders. In order to contribute to their understanding, as well as anticipating their evolution, the conducted research focuses on the study of mimicry from the standpoint of an uncharted terrain: the masquerade detection based on analyzing locality traits. With this purpose, the problem is widely stated, and a pair of novel obfuscation methods are introduced: locality-based mimicry by action pruning and locality-based mimicry by noise generation. Their modus operandi, effectiveness, and impact are evaluated by a collection of well-known classifiers typically implemented for masquerade detection. The simplicity and effectiveness demonstrated suggest that they entail attack vectors that should be taken into consideration for the proper hardening of real organizations.

2020 ◽  
Vol 10 (15) ◽  
pp. 5208
Author(s):  
Mohammed Nasser Al-Mhiqani ◽  
Rabiah Ahmad ◽  
Z. Zainal Abidin ◽  
Warusia Yassin ◽  
Aslinda Hassan ◽  
...  

Insider threat has become a widely accepted issue and one of the major challenges in cybersecurity. This phenomenon indicates that threats require special detection systems, methods, and tools, which entail the ability to facilitate accurate and fast detection of a malicious insider. Several studies on insider threat detection and related areas in dealing with this issue have been proposed. Various studies aimed to deepen the conceptual understanding of insider threats. However, there are many limitations, such as a lack of real cases, biases in making conclusions, which are a major concern and remain unclear, and the lack of a study that surveys insider threats from many different perspectives and focuses on the theoretical, technical, and statistical aspects of insider threats. The survey aims to present a taxonomy of contemporary insider types, access, level, motivation, insider profiling, effect security property, and methods used by attackers to conduct attacks and a review of notable recent works on insider threat detection, which covers the analyzed behaviors, machine-learning techniques, dataset, detection methodology, and evaluation metrics. Several real cases of insider threats have been analyzed to provide statistical information about insiders. In addition, this survey highlights the challenges faced by other researchers and provides recommendations to minimize obstacles.


Author(s):  
Shannon C. Roberts ◽  
John T. Holodnak ◽  
Trang Nguyen ◽  
Sophia Yuditskaya ◽  
Maja Milosavljevic ◽  
...  

Author(s):  
Deanna D. Caputo

Violence threat and insider threat assessment rely on successfully identifying, interpreting, and responding to concerning or malicious behaviors before egregious harm is done. Both types of threats benefit from multidisciplinary teams of experts skillfully putting together data points before physical, emotional, financial, reputational, or informational harm occurs. Usually the identified character (e.g., decision-making, interpersonal style, work style), stressors, and concerning behaviors demonstrated do not clearly indicate whether a person will assault coworkers, steal classified/proprietary information, sabotage systems, or proceed normally as a responsible employee. Empirically based risk factors and threat indicators provide opportunities to evaluate potential threats more appropriately earlier in the assessment process. This chapter is an overview of insider threat definitions and programs, what it takes to become an insider threat, and how research psychologists bring rigorous science to insider threat detection, providing a solid understanding of what is known and not known about nonviolent insider threats.


Author(s):  
Mohammed Nasser Al-mhiqani ◽  
Rabiah Ahmad ◽  
Zaheera Zainal Abidin ◽  
Warusia Yassin ◽  
Aslinda Hassan ◽  
...  

<p>Insider threat is a significant challenge in cybersecurity. In comparison with outside attackers, inside attackers have more privileges and legitimate access to information and facilities that can cause considerable damage to an organization. Most organizations that implement traditional cybersecurity techniques, such as intrusion detection systems, fail to detect insider threats given the lack of extensive knowledge on insider behavior patterns. However, a sophisticated method is necessary for an in-depth understanding of insider activities that the insider performs in the organization. In this study, we propose a new conceptual method for insider threat detection on the basis of the behaviors of an insider. In addition, gated recurrent unit neural network will be explored further to enhance the insider threat detector. This method will identify the optimal behavioral pattern of insider actions.</p>


Author(s):  
Brian Ruttenberg ◽  
Dave Blumstein ◽  
Jeff Druce ◽  
Michael Howard ◽  
Fred Reed ◽  
...  

Sign in / Sign up

Export Citation Format

Share Document