Active authentication using file system decoys and user behavior modeling: results of a large scale study. Issue 87 (November 2019)
- Record Type:
- Journal Article
- Title:
- Active authentication using file system decoys and user behavior modeling: results of a large scale study. Issue 87 (November 2019)
- Main Title:
- Active authentication using file system decoys and user behavior modeling: results of a large scale study
- Authors:
- Voris, Jonathan
Song, Yingbo
Salem, Malek Ben
Hershkop, Shlomo
Stolfo, Salvatore - Abstract:
- Abstract: Data theft is a growing threat to consumers and organizations which existing security safeguards do not sufficiently address. In particular, existing authentication mechanisms are frequently bypassed or circumvented although in situations where attacks are launched by malicious insiders who already possess valid credentials. We propose methods to enhance existing authentication paradigms with continuous active authentication. Our system adds additional levels of security without burdening the user with more credentials to manage. We utilize two complementary authentication modalities to validate user-identity: (1) behavior profiling for user-system interaction, and (2) baiting adversaries using automatically distributed file-decoy tripwires. We present the results from a 160-subject user study used to validate our system. Our results show that the presence of decoy documents on a system does not interfere with normal user activities, and that, with 95% accuracy, our system will detect an intrusion within 15 minutes with at most one false-positive for 40 hours of user activity.
- Is Part Of:
- Computers & security. Issue 87(2019)
- Journal:
- Computers & security
- Issue:
- Issue 87(2019)
- Issue Display:
- Volume 87, Issue 87 (2019)
- Year:
- 2019
- Volume:
- 87
- Issue:
- 87
- Issue Sort Value:
- 2019-0087-0087-0000
- Page Start:
- Page End:
- Publication Date:
- 2019-11
- Subjects:
- Intrusion detection -- Masquerader attacks -- Behavioral biometrics -- Active authentication -- Decoys -- Honeyfiles
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2018.07.021 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 16313.xml