IDU-Detector: A Synergistic Framework for Robust Masquerader Attack Detection

Authors: Zilin Huang, Xiulai Li, Xinyi Cao, Ke Chen, Longjuan Wang, Logan Bo-Yee Liu
Journal: IEEE Internet of Things Journal, vol. 12, no. 8, pp. 9653-9670
Publication type: Journal Article
Publication date: 2024-11-20
DOI: 10.1109/JIOT.2024.3503057
URL: https://ieeexplore.ieee.org/document/10758727/
JCR: Q1 (Computer Science, Information Systems); region category: Computer Science, tier 1
Open access: no
Citations: 0
Abstract
In the current digital age, users store their personal information in corporate databases to access services, making data security and sensitive information protection central to enterprise security management. Given the extensive attack surface, system assets continuously face cybersecurity challenges, such as weak authentication, exploitation of system vulnerabilities, and malicious software. Through specific vulnerabilities, attackers may gain unauthorized system access, masquerade as legitimate users, and remain hidden. Successful attacks can lead to the leakage of user privacy, disruption of business operations, significant financial losses, and damage to corporate reputation. The increasing complexity of attack vectors is blurring the boundaries between insider and external threats. To address this issue, this article introduces the IDU-Detector, an innovative threat detection framework that strategically integrates intrusion detection systems (IDSs) with user and entity behavior analytics (UEBA). This integration aims to monitor unauthorized access and malicious attacks within systems, bridging functional gaps between existing systems, ensuring continuous monitoring of and real-time response to the network environment, and enhancing their collective effectiveness in identifying security threats. Additionally, existing insider threat datasets exhibit significant deficiencies in both depth and comprehensiveness, lacking sufficient coverage of diverse attack vectors. This limitation hinders the ability of insider threat detection technologies to address the growing complexity and expanding scope of sophisticated attack surfaces. To address these gaps, we propose new, more enriched and diverse datasets that include a wider range of attack scenarios, thereby enhancing the adaptability and effectiveness of detection technologies in complex threat environments.
We tested our framework on different datasets, on which the IDU-Detector achieved average accuracy rates of 98.96% and 99.12%. These results demonstrate the method's effectiveness in detecting masquerader attacks and other malicious activities, significantly improving security protection and incident response speed, and providing a higher level of security assurance for asset safety.
Journal description:
The IEEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future Internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture, such as things-centric, data-centric, and service-oriented IoT architecture; IoT enabling technologies and systematic integration, such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds, such as IoT service middleware, IoT application programming interfaces (APIs), IoT application design, and IoT trials/experiments; and IoT standardization activities and technology development in different standards development organizations (SDOs) such as IEEE, IETF, ITU, 3GPP, ETSI, etc.