
IDU-Detector: A Synergistic Framework for Robust Masquerader Attack Detection

Zilin Huang, Xiulai Li, Xinyi Cao, Ke Chen, Longjuan Wang, Logan Bo-Yee Liu

TL;DR

This paper introduces the IDU-Detector, a threat detection framework that integrates intrusion detection systems (IDSs) with user and entity behavior analytics (UEBA), and demonstrates its effectiveness in detecting masquerader attacks and other malicious activity, significantly improving security protection and incident response speed and providing a higher level of security assurance for asset safety.

Abstract

In the digital age, users store personal data in corporate databases, making data security central to enterprise management. Given the extensive attack surface, assets face challenges like weak authentication, vulnerabilities, and malware. Attackers may exploit vulnerabilities to gain unauthorized access, masquerading as legitimate users. Such attacks can lead to privacy breaches, business disruption, financial losses, and reputational damage. Complex attack vectors blur lines between insider and external threats. To address this, we introduce the IDU-Detector, integrating Intrusion Detection Systems (IDS) with User and Entity Behavior Analytics (UEBA). This integration monitors unauthorized access, bridges system gaps, ensures continuous monitoring, and enhances threat identification. Existing insider threat datasets lack depth and coverage of diverse attack vectors. This hinders detection technologies from addressing complex attack surfaces. We propose new, diverse datasets covering more attack scenarios, enhancing detection technologies. Testing our framework, the IDU-Detector achieved average accuracies of 98.96% and 99.12%. These results show effectiveness in detecting attacks, improving security and response speed, and providing higher asset safety assurance.

Paper Structure

This paper contains 25 sections, 15 equations, 4 figures, 11 tables.

Figures (4)

  • Figure 1: Pipeline of IDU-Detector
  • Figure 2: Architecture of DenseAttnDNN Classifier
  • Figure 3: Attention Map-Driven Feature Flow in Dense Connections
  • Figure 4: Test Statistics and Analysis