View article

Methods, systems, and media for masquerade attack detec tion by monitoring computer user behavior are provided. In accordance with some embodiments, a method for detecting masquerade attacks is provided, the method comprising: monitoring, using a hardware processor, a first plurality of user actions in a computing environment; generating a user intent model based on the first plurality of user actions; moni toring a second plurality of user actions in the computing environment; determining whether at least one of the second plurality of user actions deviates from the generated user intent model; determining whether the second plurality of user actions include performing an action on a file in the computing environment that contains decoy information in response to determining that at least one of the second plu rality of user actions deviates from the generated user intent model; and generating analert in …