Compromised user credentials detection using temporal features: A prudent based approach
Source of Publication
ACM International Conference Proceeding Series
© 2017 ACM. This study exposes a serious and rapidly growing cyber threat of compromised legitimate user credentials which is very effective for cyber-criminals to gain trusted relationships with the account owners. Such a compromised user's credentials ultimately result in damage incurred by the attacker at large-scale. Moreover, the detection of compromised legitimate user activities is crucial in competitive and sensitive organizations because wrong data is more difficult to clean from the database. The proposed study presents a novel approach to detect compromised users' activity in a live database. Our approach uses a composition of prudence analysis, ripple down rules (RDR) and simulated experts (SE) to detect and identify accounts that experience a sudden change in behavior. We collected data from a sensitive running database for a period of Six months and evaluate the proposed technique. The results show that this combined model can fully detect outlier user's activity and can provide useful information for the concerned decision maker.
Association for Computing Machinery
Compromised user credential, Outlier detection, Prudence analysis, Simulation experts
Amin, Adnan; Anwar, Sajid; Shah, Babar; and Khattak, Asad Masood, "Compromised user credentials detection using temporal features: A prudent based approach" (2017). All Works. 1006.
Indexed in Scopus