Masquerade detection based on SVM and sequence-based user commands profile
Source: ASIAN ACM Symposium on Information, Computer and Communications Security
Proceedings of the 2nd ACM symposium on Information, computer and communications security
Singapore
SESSION: Short papers
Pages: 398 - 400
Year of Publication: 2007
ISBN: 1-59593-574-6
Authors
Jeongseok Seo  Republic of Korea
Sungdeok Cha  Republic of Korea
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 14,   Downloads (12 Months): 69,   Citation Count: 1
DOI: http://doi.acm.org/10.1145/1229285.1229340

ABSTRACT

Masqueraders, despite widespread use of security products such as firewalls and intrusion detection systems, are serious threats to organizations. Although anomaly detection techniques have been considered an effective approach to complement existing security solutions, they are not widely used in practice due to poor accuracy and a relatively high degree of false alarms. In this paper, we performed an empirical study investigating the effectiveness of SVM and sequence-based kernel methods. Sequence-based kernel methods showed slightly better performance than the generic RBF kernel at the same frequency of false alarms. In addition, the composition of two kernel methods showed that the frequency of false alarms could be further reduced.

