• Publication
  • PrePrints
  • Abstract - DDSGA: A Data-Driven Semi-Global Alignment Approach for Detecting Masquerade Attacks
 This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
DDSGA: A Data-Driven Semi-Global Alignment Approach for Detecting Masquerade Attacks
PrePrint
ISSN: 1545-5971
Hisham A. Kholidy, Hisham A. Kholidy is with the Department of Computer Science and Engineering, Qatar university, Qatar (E-mail: hisham_dev@yahoo.com).
A masquerade attacker impersonates a legal user to utilize the user services and privileges. The semi-global alignment algorithm (SGA) is one of the most effective and efficient techniques to detect these attacks but it has not reached yet the accuracy and performance required by large scale, multiuser systems. To improve both the effectiveness and the performances of this algorithm, we propose the Data-Driven Semi-Global Alignment, DDSGA approach. From the security effectiveness view point, DDSGA improves the scoring systems by adopting distinct alignment parameters for each user. Furthermore, it tolerates small mutations in user command sequences by allowing small changes in the low-level representation of the commands functionality. It also adapts to changes in the user behaviour by updating the signature of a user according to its current behaviour. To optimize the run time overhead, DDSGA minimizes the alignment overhead and parallelizes the detection and the update. After describing the DDSGA phases, we present the experimental results that show that DDSGA achieves a high hit ratio of 88.4% with a low false positive rate of 1.7%. It improves the hit ratio of the enhanced SGA by about 21.9% and reduces Maxion-Townsend cost by 22.5%. Hence, DDSGA results in improving both the hit ratio and false positive rates with an acceptable computational overhead.
Citation:
Fabrizio Baiardi, Salim Hariri, Hisham A. Kholidy, "DDSGA: A Data-Driven Semi-Global Alignment Approach for Detecting Masquerade Attacks," IEEE Transactions on Dependable and Secure Computing, 12 June 2014. IEEE computer Society Digital Library. IEEE Computer Society, <http://doi.ieeecomputersociety.org/10.1109/TDSC.2014.2327966>
Usage of this product signifies your acceptance of the Terms of Use.