A variable-length model for masquerade detection
Journal of Systems and Software
| Hi-index | 0.00 |
Masqueraders commonly impersonate legitimate user’s account to gain access to computer systems that they are not authorized to enter. Normally users exhibit some regularity in their behavior such as command usage. We propose a new approach to mine user command associations. Since each user may have different usage behavior, using the built behavior pattern to predict a masquerader’s next command will result in low success rate. We devise an algorithm to identify masqueraders by evaluating the accuracy of the predictions. Furthermore our detection method can be used in real-time without having to wait for a log of a large number of commands. Experimental results show that the association rules mining performs very well in detecting masqueraders.