Bagging-TPMiner: a classifier ensemble for masquerader detection based on typical objects.
Saved in:
| Title: | Bagging-TPMiner: a classifier ensemble for masquerader detection based on typical objects. |
|---|---|
| Authors: | Medina-Pérez, Miguel1 migue@itesm.mx, Monroy, Raúl1 raulm@itesm.mx, Camiña, J.1 jb.camina@itesm.mx, García-Borroto, Milton2 mgarciab@ceis.cujae.edu.cu |
| Source: | Soft Computing - A Fusion of Foundations, Methodologies & Applications. Feb2017, Vol. 21 Issue 3, p557-569. 13p. |
| Subjects: | Bootstrap aggregation (Algorithms), Masqueraders (Computer users), Cyberterrorism, Set theory, Cluster analysis (Statistics) |
| Abstract: | The goal of a masquerade detection system is to determine whether a given computer activity does not correspond to a target user, thereby inferring that a masquerader has stolen the computer session of a user. Masquerade detection should be addressed as a one-class classification problem, where only user information is available for classifier construction. This might be mandatory when it is difficult to account for all types of attack patterns or collect enough evidence thereof. In this paper, we introduce a masquerader detection method, named Bagging-TPMiner, a one-class classifier ensemble. As the name suggests, Bagging-TPMiner bootstraps the training dataset of genuine user behavior in order to find typical objects. In the classification phase, it renders a new sample of computer behavior to be a masquerade if that behavior is distinct from the typical objects. Critically, unlike existing clustering techniques, Bagging-TPMiner gives similar attention to both types of regions, dense and sparse, thus capturing the (hidden) structure of ordinary user behavior. We have successfully tested Bagging-TPMiner on WUIL, a repository of datasets for masquerader detection that contain more faithful masquerade attempts. Our experimental results show that Bagging-TPMiner improves classification accuracy when compared to other classifiers and that it is significantly better at identifying bursts of attacks, called persistent attacks, or at continuously updating from prior mistakes. [ABSTRACT FROM AUTHOR] |
| Copyright of Soft Computing - A Fusion of Foundations, Methodologies & Applications is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| Database: | Engineering Source |
| FullText | Text: Availability: 0 |
|---|---|
| Header | DbId: egs DbLabel: Engineering Source An: 121014937 AccessLevel: 6 PubType: Academic Journal PubTypeId: academicJournal PreciseRelevancyScore: 0 |
| IllustrationInfo | |
| Items | – Name: Title Label: Title Group: Ti Data: Bagging-TPMiner: a classifier ensemble for masquerader detection based on typical objects. – Name: Author Label: Authors Group: Au Data: <searchLink fieldCode="AR" term="%22Medina-Pérez%2C+Miguel%22">Medina-Pérez, Miguel</searchLink><relatesTo>1</relatesTo><i> migue@itesm.mx</i><br /><searchLink fieldCode="AR" term="%22Monroy%2C+Raúl%22">Monroy, Raúl</searchLink><relatesTo>1</relatesTo><i> raulm@itesm.mx</i><br /><searchLink fieldCode="AR" term="%22Camiña%2C+J%2E%22">Camiña, J.</searchLink><relatesTo>1</relatesTo><i> jb.camina@itesm.mx</i><br /><searchLink fieldCode="AR" term="%22García-Borroto%2C+Milton%22">García-Borroto, Milton</searchLink><relatesTo>2</relatesTo><i> mgarciab@ceis.cujae.edu.cu</i> – Name: TitleSource Label: Source Group: Src Data: <searchLink fieldCode="JN" term="%22Soft+Computing+-+A+Fusion+of+Foundations%2C+Methodologies+%26+Applications%22">Soft Computing - A Fusion of Foundations, Methodologies & Applications</searchLink>. Feb2017, Vol. 21 Issue 3, p557-569. 13p. – Name: Subject Label: Subjects Group: Su Data: <searchLink fieldCode="DE" term="%22Bootstrap+aggregation+%28Algorithms%29%22">Bootstrap aggregation (Algorithms)</searchLink><br /><searchLink fieldCode="DE" term="%22Masqueraders+%28Computer+users%29%22">Masqueraders (Computer users)</searchLink><br /><searchLink fieldCode="DE" term="%22Cyberterrorism%22">Cyberterrorism</searchLink><br /><searchLink fieldCode="DE" term="%22Set+theory%22">Set theory</searchLink><br /><searchLink fieldCode="DE" term="%22Cluster+analysis+%28Statistics%29%22">Cluster analysis (Statistics)</searchLink> – Name: Abstract Label: Abstract Group: Ab Data: The goal of a masquerade detection system is to determine whether a given computer activity does not correspond to a target user, thereby inferring that a masquerader has stolen the computer session of a user. Masquerade detection should be addressed as a one-class classification problem, where only user information is available for classifier construction. This might be mandatory when it is difficult to account for all types of attack patterns or collect enough evidence thereof. In this paper, we introduce a masquerader detection method, named Bagging-TPMiner, a one-class classifier ensemble. As the name suggests, Bagging-TPMiner bootstraps the training dataset of genuine user behavior in order to find typical objects. In the classification phase, it renders a new sample of computer behavior to be a masquerade if that behavior is distinct from the typical objects. Critically, unlike existing clustering techniques, Bagging-TPMiner gives similar attention to both types of regions, dense and sparse, thus capturing the (hidden) structure of ordinary user behavior. We have successfully tested Bagging-TPMiner on WUIL, a repository of datasets for masquerader detection that contain more faithful masquerade attempts. Our experimental results show that Bagging-TPMiner improves classification accuracy when compared to other classifiers and that it is significantly better at identifying bursts of attacks, called persistent attacks, or at continuously updating from prior mistakes. [ABSTRACT FROM AUTHOR] – Name: AbstractSuppliedCopyright Label: Group: Ab Data: <i>Copyright of Soft Computing - A Fusion of Foundations, Methodologies & Applications is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.) |
| PLink | https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=121014937 |
| RecordInfo | BibRecord: BibEntity: Identifiers: – Type: doi Value: 10.1007/s00500-016-2278-8 Languages: – Code: eng Text: English PhysicalDescription: Pagination: PageCount: 13 StartPage: 557 Subjects: – SubjectFull: Bootstrap aggregation (Algorithms) Type: general – SubjectFull: Masqueraders (Computer users) Type: general – SubjectFull: Cyberterrorism Type: general – SubjectFull: Set theory Type: general – SubjectFull: Cluster analysis (Statistics) Type: general Titles: – TitleFull: Bagging-TPMiner: a classifier ensemble for masquerader detection based on typical objects. Type: main BibRelationships: HasContributorRelationships: – PersonEntity: Name: NameFull: Medina-Pérez, Miguel – PersonEntity: Name: NameFull: Monroy, Raúl – PersonEntity: Name: NameFull: Camiña, J. – PersonEntity: Name: NameFull: García-Borroto, Milton IsPartOfRelationships: – BibEntity: Dates: – D: 01 M: 02 Text: Feb2017 Type: published Y: 2017 Identifiers: – Type: issn-print Value: 14327643 Numbering: – Type: volume Value: 21 – Type: issue Value: 3 Titles: – TitleFull: Soft Computing - A Fusion of Foundations, Methodologies & Applications Type: main |
| ResultId | 1 |