Masquerade Detection Using Truncated Command Lines
DSN '02 Proceedings of the 2002 International Conference on Dependable Systems and Networks
Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
User re-authentication via mouse movements
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining
Keystroke analysis of free text
ACM Transactions on Information and System Security (TISSEC)
Predicting good probabilities with supervised learning
ICML '05 Proceedings of the 22nd international conference on Machine learning
Hi-index | 0.00 |
Machine learning systems are deployed in many adversarial conditions like intrusion detection, where a classifier has to decide whether a sequence of actions come from a legitimate user or not. However, the attacker, being an adversarial agent, could reverse engineer the classifier and successfully masquerade as a legitimate user. In this paper, we propose the notion of a Proactive Intrusion Detection System (IDS) that can counter such attacks by incorporating feedback into the process. A proactive IDS influences the user's actions and observes them in different situations to decide whether the user is an intruder. We present a formal analysis of proactive intrusion detection and extend the adversarial relationship between the IDS and the attacker to present a game theoretic analysis. Finally, we present experimental results on real and synthetic data that confirm the predictions of the analysis.