Masquerader Classification System with Linux Command Sequences Using Machine Learning Algorithms
  • Authors: T. Subbulakshmi (18)
    S. Mercy Shalinie (18)
    A. Ramamoorthi (18)
  • Keywords: False positives; Intrusion Detection; Cross Validation; Insider and Outsider Threats
  • Publication: Lecture Notes in Computer Science
  • Publication year: 2012
  • Volume: 6411
  • Issue: 1
  • Pages: 303-308
  • Full-text size: 138KB
  • Author affiliations: T. Subbulakshmi (18)
    S. Mercy Shalinie (18)
    A. Ramamoorthi (18)

    18. Department of Computer Science and Engineering, Thiagarajar College of Engineering, Madurai, India
  • ISSN: 1611-3349
Abstract
Intrusion detection systems play a major role in today's security infrastructure. Both insider and outsider threats can be addressed by intrusion detection systems where the other components fail to do so. Firewalls can address only outsider threats, whereas log file manipulation can address only insider threats. The objective of this research paper is to apply classifiers to UNIX user data and find the best algorithm. From the available UNIX user data, all 9100 instances are taken. The classification rate and the false positive rate are used as the performance criteria, with 3-fold cross validation. It is found that ZeroR gives high performance, with a low false alarm rate and a high classification rate. Real-time data in truncated and enriched formats are also applied to determine the best algorithm under each category of classifier. Here 6824 instances are used. BayesNet and REPTree are found to be the best performing algorithms.
