We show that masquerade detection, based on sequences of commands executed by users, can be done effectively and efficiently by constructing a customized grammar that represents the normal behavior of a user. More specifically, we use the Sequitur algorithm to generate a context-free grammar that efficiently extracts the repetitive sequences of commands executed by one user, which is mainly used to generate a profile of the user. This technique also identifies the common scripts implicitly or explicitly shared between users, a useful set of data for reducing false positives. During the detection phase, a block of commands is classified as either normal or a masquerade based on its decomposition into substrings using the grammar of the alleged user. In experiments on the Schonlau datasets, this approach shows a good detection rate across all false positive rates; they are the highest among all published results known to the author.
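The detection step described above, as an added example that is not the paper's code: repeated command n-grams stand in for the productions a Sequitur grammar would yield, and a block is scored by how much of it decomposes into the alleged user's known substrings. The function names, the coverage score, the 0.5 threshold and the command streams are assumptions constructed for illustration.

```python
from collections import Counter

def build_profile(training, max_len=4, min_count=2):
    """Collect command subsequences of length 2..max_len that repeat in the
    user's training stream (simplified stand-in for Sequitur productions)."""
    counts = Counter()
    for n in range(2, max_len + 1):
        for i in range(len(training) - n + 1):
            counts[tuple(training[i:i + n])] += 1
    return {seq for seq, c in counts.items() if c >= min_count}

def decompose(block, profile, max_len=4):
    """Greedy left-to-right split of a block into the longest substrings
    known to the profile; unmatched commands become length-1 pieces."""
    pieces, i = [], 0
    while i < len(block):
        for n in range(min(max_len, len(block) - i), 1, -1):
            cand = tuple(block[i:i + n])
            if cand in profile:
                pieces.append(cand)
                i += n
                break
        else:  # no known substring starts here
            pieces.append((block[i],))
            i += 1
    return pieces

def coverage(block, profile, max_len=4):
    """Fraction of the block's commands covered by known substrings."""
    if not block:
        return 0.0
    pieces = decompose(block, profile, max_len)
    return sum(len(p) for p in pieces if len(p) > 1) / len(block)

def classify(block, profile, threshold=0.5):
    """Assumed decision rule: low coverage means the block does not
    look like the alleged user's habitual command sequences."""
    return "normal" if coverage(block, profile) >= threshold else "masquerade"

# Constructed sample data (not taken from the Schonlau datasets).
TRAINING = "ls cd vi make gcc ls cd vi make gcc ls cd vi make".split()
PROFILE = build_profile(TRAINING)
NORMAL_BLOCK = "ls cd vi make gcc ls".split()
ODD_BLOCK = "ps netstat find ls cd tar".split()

if __name__ == "__main__":
    for name, block in (("normal", NORMAL_BLOCK), ("odd", ODD_BLOCK)):
        print(name, decompose(block, PROFILE), classify(block, PROFILE))
```

Subsequences that repeat across several users' profiles could be tracked separately, which is where the shared-script data mentioned in the abstract would enter the score.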