An Intent-Driven Masquerader Detection Framework Based on Data Fusion

Different from outside attacks, malicious insiders steal sensitive data or sabotage information systems through misuse of privilege or identity theft (masquerader). These attacks, which are very hard to detect, can cause considerable damages to the organization. Most previous detection methods are based on single observable, which can find insider attacks to some extent; as for intent analysis, their usage seems to be limited. In this paper, we monitor users’ various observables on host, and then build a new framework based on data fusion technique to locate this situation. Our framework is more precise for masquerader detection and capable of analyzing attack intents.