| Article ID | Journal | Published Year | Pages | File Type |
|---|---|---|---|---|
| 461756 | Journal of Systems and Software | 2012 | 12 Pages |
This paper presents a set of methods for building masquerade attacks. Each method takes into account the profile of the user to be impersonated, thus capturing an intruder strategy. Knowledge about user behavior is extracted from several statistics, including the frequency at which a user types a specific group of commands. It is then expressed by rules, which are applied to synthesize computer sessions that mimic the attack as ordinary user behavior. The masquerade attack datasets have been validated by making a set of Intrusion Detection Systems (IDS) try to detect user impersonation, this way showing the capabilities of each masquerade synthesis method for evading detection. Results demonstrate that a better performance of masquerade attacks can be obtained by using methods based on behavioral rules rather than those based only on a single statistic. Summing up, masquerade attacks exhibit a good strategy for bypassing an IDS.
► We provide methods to build masquerade test set using a profile of target victims. ► One can compare rival masquerade detection methods or verify their vulnerabilities. ► Masquerade attacks are synthesized, making attacks similar to real victim behavior. ► Modern masquerade detection systems are limited in detecting well-informed attackers.
