Detecting masquerades in intrusion detection based on unpopular commands
Information Processing Letters
Identifying hierarchical structure in sequences: a linear-time algorithm
Journal of Artificial Intelligence Research
Audit file reduction using n-gram models
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Masquerade detection via customized grammars
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Towards building a masquerade detection method based on user file system navigation
MICAI'11 Proceedings of the 10th Mexican international conference on Advances in Artificial Intelligence - Volume Part I
Masquerade attacks based on user's profile
Journal of Systems and Software
Online Randomization Strategies to Obfuscate User Behavioral Patterns
Journal of Network and Systems Management
Expert Systems with Applications: An International Journal
Hi-index | 0.00 |
This paper focuses on the study of a new method for detecting masqueraders in computer systems. The main feature of such masqueraders is that they have knowledge about the behavior profile of legitimate users. The dataset provided by Schonlau et al. [1], called SEA, has been modified for including synthetic sessions created by masqueraders using the behavior profile of the users intended to impersonate. It is proposed an hybrid method for detection of masqueraders based on the compression of the users sessions and Hidden Markov Models. The performance of the proposed method is evaluated using ROC curves and compared against other known methods. As shown by our experimental results, the proposed detection mechanism is the best of the methods here considered.