Bagging-TPMiner: a classifier ensemble for masquerader detection based on typical objects.

Saved in:
Bibliographic Details
Title: Bagging-TPMiner: a classifier ensemble for masquerader detection based on typical objects.
Authors: Medina-Pérez, Miguel1 migue@itesm.mx, Monroy, Raúl1 raulm@itesm.mx, Camiña, J.1 jb.camina@itesm.mx, García-Borroto, Milton2 mgarciab@ceis.cujae.edu.cu
Source: Soft Computing - A Fusion of Foundations, Methodologies & Applications. Feb2017, Vol. 21 Issue 3, p557-569. 13p.
Subjects: Bootstrap aggregation (Algorithms), Masqueraders (Computer users), Cyberterrorism, Set theory, Cluster analysis (Statistics)
Abstract: The goal of a masquerade detection system is to determine whether a given computer activity does not correspond to a target user, thereby inferring that a masquerader has stolen the computer session of a user. Masquerade detection should be addressed as a one-class classification problem, where only user information is available for classifier construction. This might be mandatory when it is difficult to account for all types of attack patterns or collect enough evidence thereof. In this paper, we introduce a masquerader detection method, named Bagging-TPMiner, a one-class classifier ensemble. As the name suggests, Bagging-TPMiner bootstraps the training dataset of genuine user behavior in order to find typical objects. In the classification phase, it renders a new sample of computer behavior to be a masquerade if that behavior is distinct from the typical objects. Critically, unlike existing clustering techniques, Bagging-TPMiner gives similar attention to both types of regions, dense and sparse, thus capturing the (hidden) structure of ordinary user behavior. We have successfully tested Bagging-TPMiner on WUIL, a repository of datasets for masquerader detection that contain more faithful masquerade attempts. Our experimental results show that Bagging-TPMiner improves classification accuracy when compared to other classifiers and that it is significantly better at identifying bursts of attacks, called persistent attacks, or at continuously updating from prior mistakes. [ABSTRACT FROM AUTHOR]
Copyright of Soft Computing - A Fusion of Foundations, Methodologies & Applications is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
FullText Text:
  Availability: 0
Header DbId: egs
DbLabel: Engineering Source
An: 121014937
AccessLevel: 6
PubType: Academic Journal
PubTypeId: academicJournal
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: Bagging-TPMiner: a classifier ensemble for masquerader detection based on typical objects.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Medina-Pérez%2C+Miguel%22">Medina-Pérez, Miguel</searchLink><relatesTo>1</relatesTo><i> migue@itesm.mx</i><br /><searchLink fieldCode="AR" term="%22Monroy%2C+Raúl%22">Monroy, Raúl</searchLink><relatesTo>1</relatesTo><i> raulm@itesm.mx</i><br /><searchLink fieldCode="AR" term="%22Camiña%2C+J%2E%22">Camiña, J.</searchLink><relatesTo>1</relatesTo><i> jb.camina@itesm.mx</i><br /><searchLink fieldCode="AR" term="%22García-Borroto%2C+Milton%22">García-Borroto, Milton</searchLink><relatesTo>2</relatesTo><i> mgarciab@ceis.cujae.edu.cu</i>
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22Soft+Computing+-+A+Fusion+of+Foundations%2C+Methodologies+%26+Applications%22">Soft Computing - A Fusion of Foundations, Methodologies & Applications</searchLink>. Feb2017, Vol. 21 Issue 3, p557-569. 13p.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Bootstrap+aggregation+%28Algorithms%29%22">Bootstrap aggregation (Algorithms)</searchLink><br /><searchLink fieldCode="DE" term="%22Masqueraders+%28Computer+users%29%22">Masqueraders (Computer users)</searchLink><br /><searchLink fieldCode="DE" term="%22Cyberterrorism%22">Cyberterrorism</searchLink><br /><searchLink fieldCode="DE" term="%22Set+theory%22">Set theory</searchLink><br /><searchLink fieldCode="DE" term="%22Cluster+analysis+%28Statistics%29%22">Cluster analysis (Statistics)</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: The goal of a masquerade detection system is to determine whether a given computer activity does not correspond to a target user, thereby inferring that a masquerader has stolen the computer session of a user. Masquerade detection should be addressed as a one-class classification problem, where only user information is available for classifier construction. This might be mandatory when it is difficult to account for all types of attack patterns or collect enough evidence thereof. In this paper, we introduce a masquerader detection method, named Bagging-TPMiner, a one-class classifier ensemble. As the name suggests, Bagging-TPMiner bootstraps the training dataset of genuine user behavior in order to find typical objects. In the classification phase, it renders a new sample of computer behavior to be a masquerade if that behavior is distinct from the typical objects. Critically, unlike existing clustering techniques, Bagging-TPMiner gives similar attention to both types of regions, dense and sparse, thus capturing the (hidden) structure of ordinary user behavior. We have successfully tested Bagging-TPMiner on WUIL, a repository of datasets for masquerader detection that contain more faithful masquerade attempts. Our experimental results show that Bagging-TPMiner improves classification accuracy when compared to other classifiers and that it is significantly better at identifying bursts of attacks, called persistent attacks, or at continuously updating from prior mistakes. [ABSTRACT FROM AUTHOR]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of Soft Computing - A Fusion of Foundations, Methodologies & Applications is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=121014937
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.1007/s00500-016-2278-8
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 13
        StartPage: 557
    Subjects:
      – SubjectFull: Bootstrap aggregation (Algorithms)
        Type: general
      – SubjectFull: Masqueraders (Computer users)
        Type: general
      – SubjectFull: Cyberterrorism
        Type: general
      – SubjectFull: Set theory
        Type: general
      – SubjectFull: Cluster analysis (Statistics)
        Type: general
    Titles:
      – TitleFull: Bagging-TPMiner: a classifier ensemble for masquerader detection based on typical objects.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Medina-Pérez, Miguel
      – PersonEntity:
          Name:
            NameFull: Monroy, Raúl
      – PersonEntity:
          Name:
            NameFull: Camiña, J.
      – PersonEntity:
          Name:
            NameFull: García-Borroto, Milton
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 02
              Text: Feb2017
              Type: published
              Y: 2017
          Identifiers:
            – Type: issn-print
              Value: 14327643
          Numbering:
            – Type: volume
              Value: 21
            – Type: issue
              Value: 3
          Titles:
            – TitleFull: Soft Computing - A Fusion of Foundations, Methodologies & Applications
              Type: main
ResultId 1