A variable-length model for masquerade detection

Saved in:
Bibliographic Details
Title: A variable-length model for masquerade detection
Authors: Xiao, Xi1,2 xiaoxi_ac@163.com, Tian, Xinguang3, Zhai, Qibin2, Xia, Shutao1
Source: Journal of Systems & Software. Nov2012, Vol. 85 Issue 11, p2470-2478. 9p.
Subjects: Computer simulation, Masqueraders (Computer users), Computer security, Computer users, Markov processes, Pattern recognition systems, Command languages (Computer science), Probability theory
Abstract: Abstract: Masquerade detection is now one of the major concerns of system security research and its difficulty is to model user behavior on the nonstationary audit data. Many previous works represent the user behavior based on fixed-length models. In this paper, we propose a variable-length model to overcome their weakness in the precision and adaptability of user profiling. In the model, the user''s normal behavior is profiled by Markov chain with states of variable-length sequences. At first multiple shell command streams of different lengths are generated and different shell command sequences are hierarchically merged into several sets to form the library of general sequences. Then the variable-length behavioral patterns of a valid user are mined and the Markov chain is constructed. While performing detection, the probabilities of short state sequences are calculated, smoothed with sliding windows, and finally used to classify the monitored user''s activity as normal or abnormal. Our experiments with standard datasets such as Purdue data and SEA data reveal that the proposed model can achieve higher detection accuracy, require less memory and take shorter time than the other traditional methods and is amenable for real-time intrusion detection. [Copyright &y& Elsevier]
Copyright of Journal of Systems & Software is the property of Elsevier B.V. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
FullText Text:
  Availability: 0
Header DbId: egs
DbLabel: Engineering Source
An: 79110204
AccessLevel: 6
PubType: Academic Journal
PubTypeId: academicJournal
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: A variable-length model for masquerade detection
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Xiao%2C+Xi%22">Xiao, Xi</searchLink><relatesTo>1,2</relatesTo><i> xiaoxi_ac@163.com</i><br /><searchLink fieldCode="AR" term="%22Tian%2C+Xinguang%22">Tian, Xinguang</searchLink><relatesTo>3</relatesTo><br /><searchLink fieldCode="AR" term="%22Zhai%2C+Qibin%22">Zhai, Qibin</searchLink><relatesTo>2</relatesTo><br /><searchLink fieldCode="AR" term="%22Xia%2C+Shutao%22">Xia, Shutao</searchLink><relatesTo>1</relatesTo>
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22Journal+of+Systems+%26+Software%22">Journal of Systems & Software</searchLink>. Nov2012, Vol. 85 Issue 11, p2470-2478. 9p.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Computer+simulation%22">Computer simulation</searchLink><br /><searchLink fieldCode="DE" term="%22Masqueraders+%28Computer+users%29%22">Masqueraders (Computer users)</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+security%22">Computer security</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+users%22">Computer users</searchLink><br /><searchLink fieldCode="DE" term="%22Markov+processes%22">Markov processes</searchLink><br /><searchLink fieldCode="DE" term="%22Pattern+recognition+systems%22">Pattern recognition systems</searchLink><br /><searchLink fieldCode="DE" term="%22Command+languages+%28Computer+science%29%22">Command languages (Computer science)</searchLink><br /><searchLink fieldCode="DE" term="%22Probability+theory%22">Probability theory</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: Abstract: Masquerade detection is now one of the major concerns of system security research and its difficulty is to model user behavior on the nonstationary audit data. Many previous works represent the user behavior based on fixed-length models. In this paper, we propose a variable-length model to overcome their weakness in the precision and adaptability of user profiling. In the model, the user''s normal behavior is profiled by Markov chain with states of variable-length sequences. At first multiple shell command streams of different lengths are generated and different shell command sequences are hierarchically merged into several sets to form the library of general sequences. Then the variable-length behavioral patterns of a valid user are mined and the Markov chain is constructed. While performing detection, the probabilities of short state sequences are calculated, smoothed with sliding windows, and finally used to classify the monitored user''s activity as normal or abnormal. Our experiments with standard datasets such as Purdue data and SEA data reveal that the proposed model can achieve higher detection accuracy, require less memory and take shorter time than the other traditional methods and is amenable for real-time intrusion detection. [Copyright &y& Elsevier]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of Journal of Systems & Software is the property of Elsevier B.V. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=79110204
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.1016/j.jss.2012.05.049
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 9
        StartPage: 2470
    Subjects:
      – SubjectFull: Computer simulation
        Type: general
      – SubjectFull: Masqueraders (Computer users)
        Type: general
      – SubjectFull: Computer security
        Type: general
      – SubjectFull: Computer users
        Type: general
      – SubjectFull: Markov processes
        Type: general
      – SubjectFull: Pattern recognition systems
        Type: general
      – SubjectFull: Command languages (Computer science)
        Type: general
      – SubjectFull: Probability theory
        Type: general
    Titles:
      – TitleFull: A variable-length model for masquerade detection
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Xiao, Xi
      – PersonEntity:
          Name:
            NameFull: Tian, Xinguang
      – PersonEntity:
          Name:
            NameFull: Zhai, Qibin
      – PersonEntity:
          Name:
            NameFull: Xia, Shutao
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 11
              Text: Nov2012
              Type: published
              Y: 2012
          Identifiers:
            – Type: issn-print
              Value: 01641212
          Numbering:
            – Type: volume
              Value: 85
            – Type: issue
              Value: 11
          Titles:
            – TitleFull: Journal of Systems & Software
              Type: main
ResultId 1