DDSGA: A data-driven semi-global alignment approach for detecting masquerade attacks

Hisham A. Kholidy, Fabrizio Baiardi, Salim A Hariri

Research output: Contribution to journal › Article

19 Citations (Scopus)

Abstract

A masquerade attacker impersonates a legal user to utilize the user's services and privileges. The semi-global alignment algorithm (SGA) is one of the most effective and efficient techniques to detect these attacks, but it has not yet reached the accuracy and performance required by large-scale, multiuser systems. To improve both the effectiveness and the performance of this algorithm, we propose the Data-Driven Semi-Global Alignment (DDSGA) approach. From the security effectiveness viewpoint, DDSGA improves the scoring systems by adopting distinct alignment parameters for each user. Furthermore, it tolerates small mutations in user command sequences by allowing small changes in the low-level representation of the commands' functionality. It also adapts to changes in user behaviour by updating the signature of a user according to the user's current behaviour. To optimize the runtime overhead, DDSGA minimizes the alignment overhead and parallelizes the detection and the update. After describing the DDSGA phases, we present experimental results showing that DDSGA achieves a high hit ratio of 88.4 percent with a low false positive rate of 1.7 percent. It improves the hit ratio of the enhanced SGA by about 21.9 percent and reduces the Maxion-Townsend cost by 22.5 percent. Hence, DDSGA improves both the hit ratio and the false positive rate with an acceptable computational overhead.

Original language: English (US)
Article number: 6824813
Pages (from-to): 164-178
Number of pages: 15
Journal: IEEE Transactions on Dependable and Secure Computing
Volume: 12
Issue number: 2
DOI: 10.1109/TDSC.2014.2327966
State: Published - Mar 1 2015

Keywords

  • attacks
  • intrusion detection
  • Masquerade detection
  • security
  • sequence alignment

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Cite this

DDSGA: A data-driven semi-global alignment approach for detecting masquerade attacks. / Kholidy, Hisham A.; Baiardi, Fabrizio; Hariri, Salim A.

In: IEEE Transactions on Dependable and Secure Computing, Vol. 12, No. 2, 6824813, 01.03.2015, p. 164-178.

@article{4281ff5536aa4bd49c1efa742ab09219,
title = "DDSGA: A data-driven semi-global alignment approach for detecting masquerade attacks",
abstract = "A masquerade attacker impersonates a legal user to utilize the user services and privileges. The semi-global alignment algorithm (SGA) is one of the most effective and efficient techniques to detect these attacks but it has not reached yet the accuracy and performance required by large scale, multiuser systems. To improve both the effectiveness and the performances of this algorithm, we propose the Data-Driven Semi-Global Alignment, DDSGA approach. From the security effectiveness view point, DDSGA improves the scoring systems by adopting distinct alignment parameters for each user. Furthermore, it tolerates small mutations in user command sequences by allowing small changes in the low-level representation of the commands functionality. It also adapts to changes in the user behaviour by updating the signature of a user according to its current behaviour. To optimize the runtime overhead, DDSGA minimizes the alignment overhead and parallelizes the detection and the update. After describing the DDSGA phases, we present the experimental results that show that DDSGA achieves a high hit ratio of 88.4 percent with a low false positive rate of 1.7 percent. It improves the hit ratio of the enhanced SGA by about 21.9 percent and reduces Maxion-Townsend cost by 22.5 percent. Hence, DDSGA results in improving both the hit ratio and false positive rates with an acceptable computational overhead.",
keywords = "attacks, intrusion detection, Masquerade detection, security, sequence alignment",
author = "Kholidy, {Hisham A.} and Fabrizio Baiardi and Hariri, {Salim A}",
year = "2015",
month = "3",
day = "1",
doi = "10.1109/TDSC.2014.2327966",
language = "English (US)",
volume = "12",
pages = "164--178",
journal = "IEEE Transactions on Dependable and Secure Computing",
issn = "1545-5971",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "2",

}

TY - JOUR

T1 - DDSGA

T2 - A data-driven semi-global alignment approach for detecting masquerade attacks

AU - Kholidy, Hisham A.

AU - Baiardi, Fabrizio

AU - Hariri, Salim A

PY - 2015/3/1

Y1 - 2015/3/1

N2 - A masquerade attacker impersonates a legal user to utilize the user services and privileges. The semi-global alignment algorithm (SGA) is one of the most effective and efficient techniques to detect these attacks but it has not reached yet the accuracy and performance required by large scale, multiuser systems. To improve both the effectiveness and the performances of this algorithm, we propose the Data-Driven Semi-Global Alignment, DDSGA approach. From the security effectiveness view point, DDSGA improves the scoring systems by adopting distinct alignment parameters for each user. Furthermore, it tolerates small mutations in user command sequences by allowing small changes in the low-level representation of the commands functionality. It also adapts to changes in the user behaviour by updating the signature of a user according to its current behaviour. To optimize the runtime overhead, DDSGA minimizes the alignment overhead and parallelizes the detection and the update. After describing the DDSGA phases, we present the experimental results that show that DDSGA achieves a high hit ratio of 88.4 percent with a low false positive rate of 1.7 percent. It improves the hit ratio of the enhanced SGA by about 21.9 percent and reduces Maxion-Townsend cost by 22.5 percent. Hence, DDSGA results in improving both the hit ratio and false positive rates with an acceptable computational overhead.

KW - attacks

KW - intrusion detection

KW - Masquerade detection

KW - security

KW - sequence alignment

UR - http://www.scopus.com/inward/record.url?scp=84925202411&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84925202411&partnerID=8YFLogxK

U2 - 10.1109/TDSC.2014.2327966

DO - 10.1109/TDSC.2014.2327966

M3 - Article

AN - SCOPUS:84925202411

VL - 12

SP - 164

EP - 178

JO - IEEE Transactions on Dependable and Secure Computing

JF - IEEE Transactions on Dependable and Secure Computing

SN - 1545-5971

IS - 2

M1 - 6824813

ER -