IDU-Detector: A Synergistic Framework for Robust Masquerader Attack Detection

• URL: http://arxiv.org/abs/2411.06172v1
• Date: Sat, 09 Nov 2024 13:03:29 GMT
• Title: IDU-Detector: A Synergistic Framework for Robust Masquerader Attack Detection
• Authors: Zilin Huang, Xiulai Li, Xinyi Cao, Ke Chen, Longjuan Wang, Logan Bo-Yee Liu,
• Abstract summary: In the digital age, users store personal data in corporate databases, making data security central to enterprise management. Given the extensive attack surface, assets face challenges like weak authentication, vulnerabilities, and malware. We introduce the IDU-Detector, integrating Intrusion Detection Systems (IDS) with User and Entity Behavior Analytics (UEBA) This integration monitors unauthorized access, bridges system gaps, ensures continuous monitoring, and enhances threat identification.
• Score: 3.3821216642235608
• License:
• Abstract: In the digital age, users store personal data in corporate databases, making data security central to enterprise management. Given the extensive attack surface, assets face challenges like weak authentication, vulnerabilities, and malware. Attackers may exploit vulnerabilities to gain unauthorized access, masquerading as legitimate users. Such attacks can lead to privacy breaches, business disruption, financial losses, and reputational damage. Complex attack vectors blur lines between insider and external threats. To address this, we introduce the IDU-Detector, integrating Intrusion Detection Systems (IDS) with User and Entity Behavior Analytics (UEBA). This integration monitors unauthorized access, bridges system gaps, ensures continuous monitoring, and enhances threat identification. Existing insider threat datasets lack depth and coverage of diverse attack vectors. This hinders detection technologies from addressing complex attack surfaces. We propose new, diverse datasets covering more attack scenarios, enhancing detection technologies. Testing our framework, the IDU-Detector achieved average accuracies of 98.96% and 99.12%. These results show effectiveness in detecting attacks, improving security and response speed, and providing higher asset safety assurance.

Related papers

• TabSec: A Collaborative Framework for Novel Insider Threat Detection [8.27921273043059]
  In the era of the Internet of Things (IoT) and data sharing, users frequently upload their personal information to enterprise databases to enjoy enhanced service experiences. However, the widespread presence of system vulnerabilities, remote network intrusions, and insider threats significantly increases the exposure of private enterprise data on the internet. This paper proposes a novel threat detection framework, TabITD, to address these challenges.
  arXiv  Detail & Related papers  (2024-11-04T04:07:16Z)
• Countering Autonomous Cyber Threats [40.00865970939829]
  Foundation Models present dual-use concerns broadly and within the cyber domain specifically. Recent research has shown the potential for these advanced models to inform or independently execute offensive cyberspace operations. This work evaluates several state-of-the-art FMs on their ability to compromise machines in an isolated network and investigates defensive mechanisms to defeat such AI-powered attacks.
  arXiv  Detail & Related papers  (2024-10-23T22:46:44Z)
• Security Threats in Agentic AI System [0.0]
  The complexity of AI systems combined with their ability to process and analyze large volumes of data increases the chances of data leaks or breaches. As AI agents evolve with greater autonomy, their capacity to bypass or exploit security measures becomes a growing concern.
  arXiv  Detail & Related papers  (2024-10-16T06:40:02Z)
• Navigating Connected Car Cybersecurity: Location Anomaly Detection with RAN Data [2.147995542780459]
  Cyber-attacks, including hijacking and spoofing, pose significant threats to connected cars. This paper presents a novel approach for identifying potential attacks through Radio Access Network (RAN) event monitoring. The major contribution of this paper is a location anomaly detection module that identifies devices that appear in multiple locations simultaneously.
  arXiv  Detail & Related papers  (2024-07-02T22:42:45Z)
• Rethinking the Vulnerabilities of Face Recognition Systems:From a Practical Perspective [53.24281798458074]
  Face Recognition Systems (FRS) have increasingly integrated into critical applications, including surveillance and user authentication. Recent studies have revealed vulnerabilities in FRS to adversarial (e.g., adversarial patch attacks) and backdoor attacks (e.g., training data poisoning)
  arXiv  Detail & Related papers  (2024-05-21T13:34:23Z)
• Towards a Near-real-time Protocol Tunneling Detector based on Machine Learning Techniques [0.0]
  We present a protocol tunneling detector prototype which inspects, in near real time, a company's network traffic using machine learning techniques. The detector monitors unencrypted network flows and extracts features to detect possible occurring attacks and anomalies. Results show 97.1% overall accuracy and an F1-score equals to 95.6%.
  arXiv  Detail & Related papers  (2023-09-22T09:08:43Z)
• Physical Adversarial Attacks for Surveillance: A Survey [40.81031907691243]
  This paper reviews recent attempts and findings in learning and designing physical adversarial attacks for surveillance applications. In particular, we propose a framework to analyze physical adversarial attacks and provide a comprehensive survey of physical adversarial attacks on four key surveillance tasks. The insights in this paper present an important step in building resilience within surveillance systems to physical adversarial attacks.
  arXiv  Detail & Related papers  (2023-05-01T20:19:59Z)
• A Hybrid Deep Learning Anomaly Detection Framework for Intrusion Detection [4.718295605140562]
  We propose a three-stage deep learning anomaly detection based network intrusion attack detection framework. The framework comprises an integration of unsupervised (K-means clustering), semi-supervised (GANomaly) and supervised learning (CNN) algorithms. We then evaluated and showed the performance of our implemented framework on three benchmark datasets.
  arXiv  Detail & Related papers  (2022-12-02T04:40:54Z)
• Illusory Attacks: Information-Theoretic Detectability Matters in Adversarial Attacks [76.35478518372692]
  We introduce epsilon-illusory, a novel form of adversarial attack on sequential decision-makers. Compared to existing attacks, we empirically find epsilon-illusory to be significantly harder to detect with automated methods. Our findings suggest the need for better anomaly detectors, as well as effective hardware- and system-level defenses.
  arXiv  Detail & Related papers  (2022-07-20T19:49:09Z)
• RobustSense: Defending Adversarial Attack for Secure Device-Free Human Activity Recognition [37.387265457439476]
  We propose a novel learning framework, RobustSense, to defend common adversarial attacks. Our method works well on wireless human activity recognition and person identification systems.
  arXiv  Detail & Related papers  (2022-04-04T15:06:03Z)
• Measurement-driven Security Analysis of Imperceptible Impersonation Attacks [54.727945432381716]
  We study the exploitability of Deep Neural Network-based Face Recognition systems. We show that factors such as skin color, gender, and age, impact the ability to carry out an attack on a specific target victim. We also study the feasibility of constructing universal attacks that are robust to different poses or views of the attacker's face.
  arXiv  Detail & Related papers  (2020-08-26T19:27:27Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.