Communications of the ACM
Authentication via keystroke dynamics
Proceedings of the 4th ACM conference on Computer and communications security
Text Categorization with Suport Vector Machines: Learning with Many Relevant Features
ECML '98 Proceedings of the 10th European Conference on Machine Learning
Learning Program Behavior Profiles for Intrusion Detection
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Masquerade Detection Using Truncated Command Lines
DSN '02 Proceedings of the 2002 International Conference on Dependable Systems and Networks
Anomaly Detection Using Call Stack Information
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Intrusion Detection: A Bioinformatics Approach
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
User re-authentication via mouse movements
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Intrusion detection using sequences of system calls
Journal of Computer Security
Episode based masquerade detection
ICISS'05 Proceedings of the First international conference on Information Systems Security
Investigative behavior profiling with one class SVM for computer forensics
MIWAI'11 Proceedings of the 5th international conference on Multi-Disciplinary Trends in Artificial Intelligence
Layered security architecture for masquerade attack detection
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
| Hi-index | 0.00 |
Masquerading or impersonation attack refers to the act of gaining access to confidential data or greater access privileges, while pretending to be legitimate users. Detection of masquerade attacks is of great importance and is a non-trivial task of system security. Detection of these attacks is done by monitoring significant changes in user's behavior based on his/her computer usage. Traditional detection mechanisms are based on command line system events collected using log files. In a GUI based system, most of the user activities are performed using either mouse movements and clicks or a combination of mouse movements and keystrokes. The command line data cannot capture the complete GUI event behavior of the users hence it is insufficient to detect attacks in GUI based systems. Presently, there is no frame work available to capture the GUI based user behavior in Linux systems. We are proposing a novel approach to capture the GUI based user behavior for Linux systems using our event logging tool. Our experimentation results shows that, the GUI based user behavior can be efficiently used for masquerade attack detection to achieve high detection rates with less false positives. We have applied One-class SVM on the collected data, which requires only training the user's own legitimate sessions to build up the user's profile. Our results on GUI data using One-class SVM gives higher detection rates with less false positives compared to a Two-class SVM approach.