Early Detection of User-impersonating Attackers using Multilayer Tripwires

Abstract

Despite increased security awareness, safe programming languages, and secure operating systems, a problem that continues to plague modern computing is the leakage of user credentials and their subsequent abuse by user-impersonating attackers. The unfortunate reuse of credentials across unrelated services, and the ability to use one account to reset the passwords of others, further exacerbate the problem, leading to massive account compromises and the exfiltration of private and financial information from victimized users. Our proposed research aims to expediently identify and stop user-impersonating attackers through the use of multilayer tripwires. A tripwire is a trap-based defense mechanism that legitimate users, because of their intimate knowledge of a protected system, will be able to avoid triggering. Even though tripwires have attracted the attention of researchers in the past, those tripwire-based systems have had many limitations which have hampered their adoption in real-world settings. We propose here to design and implement new tripwire mechanisms that not only overcome the challenges associated with traditional tripwires, but also apply tripwires to new computing environments. To this end, we identify novel dimensions in the tripwire design space and take advantage of them to propose, among others, tripwires that can be triggered based on the lack of actions by users, tripwires that can operate in both collaborative and non-collaborative environments, and tripwires that can protect off-the-shelf web applications, in addition to file systems. Our tripwires will be more accurate and faster because we will collect and correlate information from multiple layers of the software stack: applications such as Web servers, user libraries, and operating system layers (VFS, file systems, etc.). Finally, we propose a centralized tripwire server that orchestrates the tripwire deployment and monitoring, and facilitates the adoption of tripwire-based security in environments with diverse security requirements.

Document Details

Document Type: DoD Grant Award
Publication Date: Jun 10, 2016
Source ID: N000141612264

Entities

People

  • Nick Nikiforakis

Organizations

  • Office of Naval Research
  • Research Foundation for the State University of New York
  • United States Navy

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Educational Psychology
  • Systems Analysis and Design

Technology Areas

  • Space