Continuous Authentication Based On Learning User Command Sequence

In the context of information and computer security, a masquerader is an individual who can gain access to a system by disguising itself as a legitimate user. One of the prominent and popular methods for authenticating masqueraders is by using an intrusion detection system (IDS). This thesis promotes the idea that learning the user command sequence can be served as an alternative for address intrusion detection. Several approaches have been proposed in the literature, where this idea has been explored. To our knowledge, the method by Maxion and Townsend produces the best results of all past techniques so far in terms of detection rate (82.1% using the Greenberg dataset). In this thesis we propose an IDS-based approach that consists in combining a novel Naïve Bayes classifier with a recently proposed sequential sampling technique for continuous authentication, applied to user command sequence, to detect masqueraders. Our experimental evaluation shows that our proposed scheme achieves a detection rate of 98%.

Continuous Authentication Based On Learning User Command Sequence

In the context of information and computer security, a masquerader is an individual who can gain access to a system by disguising itself as a legitimate user. One of the prominent and popular methods for authenticating masqueraders is by using an intrusion detection system (IDS). This thesis promotes the idea that learning the user command sequence can be served as an alternative for address intrusion detection. Several approaches have been proposed in the literature, where this idea has been explored. To our knowledge, the method by Maxion and Townsend produces the best results of all past techniques so far in terms of detection rate (82.1% using the Greenberg dataset). In this thesis we propose an IDS-based approach that consists in combining a novel Naïve Bayes classifier with a recently proposed sequential sampling technique for continuous authentication, applied to user command sequence, to detect masqueraders. Our experimental evaluation shows that our proposed scheme achieves a detection rate of 98%.

False Sequential Command Attack of Large-Scale Cyber-Physical Systems

Previous studies have demonstrated that false commands can cause severe damage to large-scale cyber-physical systems (CPSs). We focus on a kind of threat called false sequential command attack, with which attackers can generate false sequential commands, resulting in the illegal control of the physical process. We present a feasible attack model. Attackers delay the disaggregation of former commands by manipulating maliciously sub-controllers. Simultaneously, bad feedback data is injected to defeat the controller to issue latter commands. Thus, false command sequence is executed and the disruption of physical process can be obtained. It is also difficult for the detector to identify such attacks as injecting bad data. We also discuss other possible attack paths and analyze the corresponding disadvantages. Compared with other paths, the proposed model is more feasible and has more difficulties to be detected. A case study is given to validate the feasibility and effectiveness of proposed false sequential command attack model. Finally, we discuss the possible countermeasure.