Abnormal File Access Behavior Detection Based on FPD: An Unsupervised Approach

Abstract:

Information security is a great challenge for organizations in our modern information world. Existing security facilities such as firewalls, intrusion detection systems and antivirus software are not enough to guarantee the security of information. Files are an important carrier of information and are the target of quite a number of attackers. In this paper, we extend the FPD (file path diversity) based approach for detecting abnormal file access behaviors. We propose 3 approaches to calculate FPD values when training data is lacking, and we apply a k-means based unsupervised approach to distinguish between normal processes and abnormal ones. Experiments demonstrate that our unsupervised approach is still effective compared to the supervised case with training data.

Pages:

2212-2216

Online since:

January 2015

Copyright:

© 2015 Trans Tech Publications Ltd. All Rights Reserved
