Intrusion detection with neural networks
NIPS '97 Proceedings of the 1997 conference on Advances in neural information processing systems 10
Machine Learning
Masquerade Detection Using Truncated Command Lines
DSN '02 Proceedings of the 2002 International Conference on Dependable Systems and Networks
Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)
Masquerade detection based on SVM and sequence-based user commands profile
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
| Hi-index | 0.00 |
Insiders are authorized persons who possess special privileges of access; these privileges in some cases may be abused. One way in which an insider attack may occur is when user X makes use of user Y's unattended (but logged in) computer, and masquerades as user Y. This paper presents a method of masquerade detection. A light-weight monitor collected information about computer usage by employees of a small organization for a period of three weeks. A profile of each user was developed using a Naïve Bayes classifier that analyzed handle counts of processes as the input. Under conditions specified in the paper, users were correctly identified using this technique approximately 97% of the time, with a misidentification rate of .4%.