Masquerade attacks based on user's profile
- Additional Document Info
- View All
This paper presents a set of methods for building masquerade attacks. Each method takes into account the profile of the user to be impersonated, thus capturing an intruder strategy. Knowledge about user behavior is extracted from several statistics, including the frequency at which a user types a specific group of commands. It is then expressed by rules, which are applied to synthesize computer sessions that mimic the attack as ordinary user behavior. The masquerade attack datasets have been validated by making a set of Intrusion Detection Systems (IDS) try to detect user impersonation, this way showing the capabilities of each masquerade synthesis method for evading detection. Results demonstrate that a better performance of masquerade attacks can be obtained by using methods based on behavioral rules rather than those based only on a single statistic. Summing up, masquerade attacks exhibit a good strategy for bypassing an IDS. © 2012 Elsevier Inc. All rights reserved.