Given that information is an extremely valuable asset, it is vital to detect in a timely manner whether one's computer (session) is being illegally seized by a masquerader. Masquerade detection has been actively studied for more than a decade, especially after the seminal work of Schonlau's group, who suggested that, to profile a user, one should model the history of the commands she would enter into a UNIX session. Schonlau's group produced a masquerade dataset, which has been the standard for comparing masquerade detection methods. However, the performance of these methods is not conclusive, and, as a result, research on masquerade detection has resorted to other sources of information for profiling user behaviour. In this paper, we show how to build an accurate user profile by looking into how the user structures her own file system and how she navigates that structure. While preliminary, our results are encouraging and suggest a number of ways in which new methods can be constructed.