Scatter (and other) plots for visualizing user profiling data and network traffic
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
USim: A User Behavior Simulation Framework for Training and Testing IDSes in GUI Based Systems
ANSS '06 Proceedings of the 39th annual Symposium on Simulation
Masquerade detection based on SVM and sequence-based user commands profile
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Adaptive anomaly detection with evolving connectionist systems
Journal of Network and Computer Applications - Special issue: Network and information security: A computational intelligence approach
A comparative evaluation of two algorithms for Windows Registry Anomaly Detection
Journal of Computer Security
Analysis of Computer Intrusions Using Sequences of Function Calls
IEEE Transactions on Dependable and Secure Computing
Sequence alignment for masquerade detection
Computational Statistics & Data Analysis
Online detection of malicious data access using DBMS auditing
Proceedings of the 2008 ACM symposium on Applied computing
Impact of daily computer usage on GUI usage analysis
Proceedings of the 4th annual conference on Information security curriculum development
Combining One Class Fuzzy KNN's
WILF '07 Proceedings of the 7th international workshop on Fuzzy Logic and Applications: Applications of Fuzzy Sets Theory
User identification via process profiling: extended abstract
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
AAAI'08 Proceedings of the 23rd national conference on Artificial intelligence - Volume 2
A dynamic normal profiling for anomaly detection
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Anomaly detection of masquerders based upon typing biometrics and probabilistic neural network
Journal of Computing Sciences in Colleges
ELICIT: a system for detecting insiders who violate need-to-know
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Masquerade detection based upon GUI user profiling in linux systems
ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security
Decoy document deployment for effective masquerade attack detection
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
Estimating accuracy of mobile-masquerader detection using worst-case and best-case scenario
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
On the use of word networks to mimicry attack detection
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
An SVM-Based masquerade detection method with online update using co-occurrence matrix
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Masquerade detection system based on principal component analysis and radial basics function
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
A neural network model for detection systems based on data mining and false errors
EUC'06 Proceedings of the 2006 international conference on Emerging Directions in Embedded and Ubiquitous Computing
Anomaly detection in computer security and an application to file system accesses
ISMIS'05 Proceedings of the 15th international conference on Foundations of Intelligent Systems
Masquerade detection via customized grammars
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Towards building a masquerade detection method based on user file system navigation
MICAI'11 Proceedings of the 10th Mexican international conference on Advances in Artificial Intelligence - Volume Part I
Episode based masquerade detection
ICISS'05 Proceedings of the First international conference on Information Systems Security
Modeling user search behavior for masquerade detection
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
User identity verification via mouse dynamics
Information Sciences: an International Journal
A knowledge-based clinical toxicology consultant for diagnosing single exposures
Artificial Intelligence in Medicine
A comparison of one-class bag-of-words user behavior modeling techniques for masquerade detection
Security and Communication Networks
Masquerade attacks based on user's profile
Journal of Systems and Software
A variable-length model for masquerade detection
Journal of Systems and Software
Layered security architecture for masquerade attack detection
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
A survey of anomaly intrusion detection techniques
Journal of Computing Sciences in Colleges
Online Randomization Strategies to Obfuscate User Behavioral Patterns
Journal of Network and Systems Management
ALERT-ID: analyze logs of the network element in real time for intrusion detection
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
A knowledge-based clinical toxicology consultant for diagnosing multiple exposures
Artificial Intelligence in Medicine
Expert Systems with Applications: An International Journal
Hi-index | 0.01 |
A masquerade attack, in which one user impersonates another, can be the most serious form of computer abuse. Automatic discovery of masqueraders is sometimes under-taken by detecting significant departures from normal user behavior, as represented by a user profile formed from system audit data. While the success of this approach has been limited, the reasons for its unsatisfying performance are not obvious, possibly because most reports do not elucidate the origins of errors made by the detection mechanisms. This paper takes as its point of departure a recent series of experiments framed by Schonlau et al. [12]. In extending that work with a new classification algorithm, a 56% improvement in masquerade detection was achieved at a corresponding false-alarm rate of 1.3%. A detailed error analysis, based on an alternative data configuration, reveals why some users are good masqueraders and othersare not.