Masquerade Mimicry Attack Detection: A Randomised Approach
Source: University of York
A masquerader is an (often external) attacker who, after succeeding in obtaining a legitimate user's credentials, attempts to use the stolen identity to carry out malicious actions. Automatic detection of masquerading attacks is generally undertaken by approaching the problem from an anomaly detection perspective: a model of normal behavior for each user is constructed and significant departures from it are identified as potential masquerading attempts. One potential vulnerability of these schemes lies in the fact that anomaly detection algorithms are generally susceptible to deception.