Masquerader classification system with Linux command sequences using machine learning algorithms

Abstract

Intrusion Detection System plays a major role in today's security infrastructure. Both insider and outsider threats could be addressed by intrusion detection systems where the other components fail to do so. Firewalls can address only outsider threats where the log files manipulation can address only insider threats. The objective of this research paper is to apply the classifiers for UNIX User data and find the best algorithm. From the available UNIX User data all 9100 instances are taken. The classification rate and the false positive rate are used as the performance criteria with 3 fold cross validation. It is found that ZeroR is giving high performance with low false alarm rate and high classification rate. Real time data in truncated and enriched formats are also applied to finalize the best algorithm under each category of classifier. Here 6824 instances are used. BayesNet and REPTree are found to be the best performing algorithms. © 2012 Springer-Verlag.