Title of invention DATA-DRIVEN SEMI-GLOBAL ALIGNMENT TECHNIQUE FOR MASQUERADE DETECTION IN STAND-ALONE AND CLOUD COMPUTING SYSTEMS
Abstract Systems and methods are provided for intrusion detection, specifically, identifying masquerade attacks in large-scale, multiuser systems, which improves the scoring systems over conventional masquerade detection systems by adopting distinct alignment parameters for each user. For example, the use of DDSGA may result in a masquerade intrusion detection hit ratio of approximately 88.4% with a small false positive rate of approximately 1.7%. DDSGA may also improve the masquerade intrusion detection hit ratio by about 21.9% over conventional masquerade detection techniques and lower the Maxion-Townsend cost by approximately 22.5%. It will also improve the computational overhead.
Application publication number US2017019419(A1) Publication date 2017.01.19
Application number US201615213111 Filing date 2016.07.18
Applicant QATAR UNIVERSITY, Office of Academic Research Inventors KHOLIDY Hesham Abdelazim Ismail Mohamed; AZAB Abdulrahman; BAIARDI Fabrizio
Classification H04L29/06 Main classification H04L29/06
Agency Agent
Main claim 1. A method for identifying masquerade attacks in a network computing environment, the method comprising: receiving data from at least one user with an active session on a system; receiving historical data for each of the at least one user; applying an algorithm to the received data to build at least one profile for each of the at least one user, wherein the at least one profile comprises one or more sample signatures; applying an algorithm to the received historical data to build at least one model for each of the at least one user, wherein said at least one model comprises one or more reference signatures; identifying a dynamic threshold; determining an alignment score between the sample signatures to the reference signatures by comparing first alignment parameters from the sample signatures with second alignment parameters from the reference signatures; determining an intrusion masquerade event based on the alignment score being greater than the identified dynamic threshold; and updating patterns for each of the at least one active user.
Address Doha QA