Masquerade detection is one of the major concerns of system security research, for two main reasons: such an attack cannot be detected at the time of access, and any detection technique relies on the user's signature, while even a legitimate user is likely to deviate from their usual usage pattern. In recent years, there have been several proposals to detect masqueraders efficiently while keeping the false alarm rate as low as possible. One of the recent techniques, Naive Bayes with truncated command lines, has been very successful in maintaining a low false alarm rate. This method depends on the probability of individual commands. It is more appropriate to consider meaningful groups of commands rather than individual commands. In this paper we propose a method of masquerade detection that considers episodes, which are meaningful subsequences of commands. The main contributions of the present work are (i) an algorithm to determine episodes from a long sequence of commands, and (ii) a technique that uses these episodes to detect masquerade blocks of commands. Our experiments with standard datasets such as the SEA dataset reveal that episode-based detection is a more useful masquerade detection technique. © Springer-Verlag Berlin Heidelberg 2005.
CITATION STYLE
Dash, S. K., Reddy, K. S., & Pujari, A. K. (2005). Episode based masquerade detection. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3803 LNCS, pp. 251–262). https://doi.org/10.1007/11593980_19