Compromised user credentials detection using temporal features: A prudent based approach
Source of Publication
ACM International Conference Proceeding Series
© 2017 ACM. This study exposes a serious and rapidly growing cyber threat of compromised legitimate user credentials which is very effective for cyber-criminals to gain trusted relationships with the account owners. Such a compromised user's credentials ultimately result in damage incurred by the attacker at large-scale. Moreover, the detection of compromised legitimate user activities is crucial in competitive and sensitive organizations because wrong data is more difficult to clean from the database. The proposed study presents a novel approach to detect compromised users' activity in a live database. Our approach uses a composition of prudence analysis, ripple down rules (RDR) and simulated experts (SE) to detect and identify accounts that experience a sudden change in behavior. We collected data from a sensitive running database for a period of Six months and evaluate the proposed technique. The results show that this combined model can fully detect outlier user's activity and can provide useful information for the concerned decision maker.
Amin, Adnan; Anwar, Sajid; Shah, Babar; and Khattak, Asad Masood, "Compromised user credentials detection using temporal features: A prudent based approach" (2017). Scopus Indexed Articles. 1368.