DDSGA: A data-driven semi-global alignment approach for detecting masquerade attacks

Hisham A. Kholidy, Fabrizio Baiardi, Salim Hariri

Research output: Contribution to journalArticle

21 Scopus citations

Abstract

A masquerade attacker impersonates a legal user to utilize the user services and privileges. The semi-global alignment algorithm (SGA) is one of the most effective and efficient techniques to detect these attacks but it has not reached yet the accuracy and performance required by large scale, multiuser systems. To improve both the effectiveness and the performances of this algorithm, we propose the Data-Driven Semi-Global Alignment, DDSGA approach. From the security effectiveness view point, DDSGA improves the scoring systems by adopting distinct alignment parameters for each user. Furthermore, it tolerates small mutations in user command sequences by allowing small changes in the low-level representation of the commands functionality. It also adapts to changes in the user behaviour by updating the signature of a user according to its current behaviour. To optimize the runtime overhead, DDSGA minimizes the alignment overhead and parallelizes the detection and the update. After describing the DDSGA phases, we present the experimental results that show that DDSGA achieves a high hit ratio of 88.4 percent with a low false positive rate of 1.7 percent. It improves the hit ratio of the enhanced SGA by about 21.9 percent and reduces Maxion-Townsend cost by 22.5 percent. Hence, DDSGA results in improving both the hit ratio and false positive rates with an acceptable computational overhead.

Original languageEnglish (US)
Article number6824813
Pages (from-to)164-178
Number of pages15
JournalIEEE Transactions on Dependable and Secure Computing
Volume12
Issue number2
DOIs
StatePublished - Mar 1 2015

Keywords

  • Masquerade detection
  • attacks
  • instrusion detection
  • security
  • sequence alignment

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'DDSGA: A data-driven semi-global alignment approach for detecting masquerade attacks'. Together they form a unique fingerprint.

  • Cite this