Using instance-weighted naive Bayes for adapting concept drift in masquerade detection.

Saved in:
Bibliographic Details
Title: Using instance-weighted naive Bayes for adapting concept drift in masquerade detection.
Authors: Sen, Sevil1 ssen@cs.hacettepe.edu.tr
Source: International Journal of Information Security. Nov2014, Vol. 13 Issue 6, p583-590. 8p.
Subjects: Masqueraders (Computer users), Malware, Text mining, Bayes' theorem, Detectors
Abstract: Although there are many approaches proposed for masquerade detection in the literature, few of them consider concept drift; the problem of distinguishing malicious behaviours from the natural change in user behaviours. Researchers mainly focus on updating user behaviours for adapting concept drift in masquerade detection. However, these approaches rely on the accuracy of the detector and do not take into account malicious instances which are erroneously added to the updating scheme. In this study, we show that conventional approaches based on instance selection are affected dramatically when misclassified intrusive data are added to the training data. Therefore, we propose a new approach based on instance weighting which updates user behaviours gradually according to the weights assigned to each instance, regardless of them being malicious or non-malicious. The results show that the proposed approach outperforms the other updating schemes in the literature, where the malicious instances are more than 5 % of the benign instances in the updating, which is very likely to happen due to the high miss rate of the existing detectors. [ABSTRACT FROM AUTHOR]
Copyright of International Journal of Information Security is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
FullText Links:
  – Type: pdflink
Text:
  Availability: 0
Header DbId: egs
DbLabel: Engineering Source
An: 98899380
AccessLevel: 6
PubType: Academic Journal
PubTypeId: academicJournal
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: Using instance-weighted naive Bayes for adapting concept drift in masquerade detection.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Sen%2C+Sevil%22">Sen, Sevil</searchLink><relatesTo>1</relatesTo><i> ssen@cs.hacettepe.edu.tr</i>
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22International+Journal+of+Information+Security%22">International Journal of Information Security</searchLink>. Nov2014, Vol. 13 Issue 6, p583-590. 8p.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Masqueraders+%28Computer+users%29%22">Masqueraders (Computer users)</searchLink><br /><searchLink fieldCode="DE" term="%22Malware%22">Malware</searchLink><br /><searchLink fieldCode="DE" term="%22Text+mining%22">Text mining</searchLink><br /><searchLink fieldCode="DE" term="%22Bayes'+theorem%22">Bayes' theorem</searchLink><br /><searchLink fieldCode="DE" term="%22Detectors%22">Detectors</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: Although there are many approaches proposed for masquerade detection in the literature, few of them consider concept drift; the problem of distinguishing malicious behaviours from the natural change in user behaviours. Researchers mainly focus on updating user behaviours for adapting concept drift in masquerade detection. However, these approaches rely on the accuracy of the detector and do not take into account malicious instances which are erroneously added to the updating scheme. In this study, we show that conventional approaches based on instance selection are affected dramatically when misclassified intrusive data are added to the training data. Therefore, we propose a new approach based on instance weighting which updates user behaviours gradually according to the weights assigned to each instance, regardless of them being malicious or non-malicious. The results show that the proposed approach outperforms the other updating schemes in the literature, where the malicious instances are more than 5 % of the benign instances in the updating, which is very likely to happen due to the high miss rate of the existing detectors. [ABSTRACT FROM AUTHOR]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of International Journal of Information Security is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=98899380
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.1007/s10207-014-0238-9
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 8
        StartPage: 583
    Subjects:
      – SubjectFull: Masqueraders (Computer users)
        Type: general
      – SubjectFull: Malware
        Type: general
      – SubjectFull: Text mining
        Type: general
      – SubjectFull: Bayes' theorem
        Type: general
      – SubjectFull: Detectors
        Type: general
    Titles:
      – TitleFull: Using instance-weighted naive Bayes for adapting concept drift in masquerade detection.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Sen, Sevil
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 11
              Text: Nov2014
              Type: published
              Y: 2014
          Identifiers:
            – Type: issn-print
              Value: 16155262
          Numbering:
            – Type: volume
              Value: 13
            – Type: issue
              Value: 6
          Titles:
            – TitleFull: International Journal of Information Security
              Type: main
ResultId 1