Open Access Article

Obfuscation of Malicious Behaviors for Thwarting Masquerade Detection Systems Based on Locality Features

1 Indra, Digital Labs, Av. de Bruselas, 35, Alcobendas, 28108 Madrid, Spain
2 Faculty of Engineering and Architecture, Universidad de Lima, Avenida Javier Prado Este, Lima 4600, Peru
* Authors to whom correspondence should be addressed.
These authors contributed equally to this work.
Sensors 2020, 20(7), 2084; https://doi.org/10.3390/s20072084
Received: 4 March 2020 / Revised: 30 March 2020 / Accepted: 3 April 2020 / Published: 7 April 2020
(This article belongs to the Special Issue Security and Privacy Techniques in IoT Environment)
In recent years, dynamic user verification has become one of the basic pillars of insider threat detection. Among these threats, the research presented in this paper focuses on masquerader attacks, a category of insider threat intentionally conducted by persons outside the organization who have somehow managed to impersonate legitimate users. Consequently, it is assumed that masqueraders are unaware of the protected environment within the targeted organization, so they are expected to move through the compromised systems more erratically than legitimate users. This feature makes them susceptible to being discovered by dynamic user verification methods based on user profiling and anomaly-based intrusion detection. However, these approaches are susceptible to evasion through the imitation of the normal legitimate usage of the protected system (mimicry), which is being widely exploited by intruders. To contribute to the understanding of these evasion techniques and to anticipate their evolution, the conducted research focuses on the study of mimicry from the standpoint of an uncharted terrain: masquerade detection based on analyzing locality traits. With this purpose, the problem is broadly stated, and a pair of novel obfuscation methods are introduced: locality-based mimicry by action pruning and locality-based mimicry by noise generation. Their modus operandi, effectiveness, and impact are evaluated by a collection of well-known classifiers typically implemented for masquerade detection. The simplicity and effectiveness demonstrated suggest that they entail attack vectors that should be taken into consideration for the proper hardening of real organizations.
Keywords: insider threats; masquerade attacks; adversarial machine learning; mimicry; dynamic user verification
MDPI and ACS Style

Maestre Vidal, J.; Sotelo Monge, M.A. Obfuscation of Malicious Behaviors for Thwarting Masquerade Detection Systems Based on Locality Features. Sensors 2020, 20, 2084.
