Detection of Insider Attack in Distributed Systems
7 Pages Posted: 12 Jul 2019 Last revised: 30 Sep 2019
Date Written: May 18, 2019
The Insider (masquerade) attack, where an attacker takes on the identity of a authenticate user, such as valid usernames and passwords, to bypass safeguards ensuring confidentiality, integrity, and availability of information resources. Such attacks completely undermine traditional security mechanisms due to the trust imparted to user accounts once they have been authenticated. Attackers using valid credentials are difficult to detect without first generating a profile for the user credentials and then comparing user activity against established patterns. Many attempts have been made at detecting these attacks, yet achieving high levels of accuracy remains an open challenge. In this paper, we discuss the use the alignment algorithm to align sequences of monitored audit data with sequences known to have been produced by the user, the alignment algorithm can discover areas of similarity that indicates the presence or absence of masquerade attacks. This technique is evaluated against the data set comprised of truncated UNIX command sequences to detect masquerades based on the probability of commands.
Keywords: Big Data, Internal Attack Detection, Intrusion Detection, Security
JEL Classification: Y60
Suggested Citation: Suggested Citation