Abstract
This research presents a data mining technique for discovering masquerader intrusions. User/system access data are used as the basis for deriving statistically significant event patterns, which can be regarded as a user/system access signature. The signature-based approach employs a model discovery technique to derive a reference ground model that accounts for the user/system access data. A unique characteristic of this reference ground model is that it captures the statistical characteristics of the access signature, thus providing a basis for reasoning about the existence of a security intrusion by comparing a real-time access signature with the one embedded in the reference ground model. The effectiveness of this approach will be evaluated based on comparative performance using a publicly available data set that contains user masquerades.
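As an added illustration of the idea sketched in the abstract (not the paper's own code or algorithm): a user's access log is mined for consecutive event pairs that co-occur significantly more often than chance, those pairs form the reference ground model, and a real-time block is scored by how much of it the model explains. The access logs, the pointwise-mutual-information significance test, the support threshold and the flagging cut-off are all constructed assumptions for this example.

```python
from collections import Counter
from math import log2

def extract_signature(events, min_support=3, min_pmi=1.0):
    """Return {pair: relative frequency} for consecutive event pairs that
    co-occur significantly more often than an independence baseline.
    This dict plays the role of the user's reference ground model."""
    pairs = list(zip(events, events[1:]))
    pair_counts, unigram = Counter(pairs), Counter(events)
    n, total_pairs = len(events), len(pairs)
    signature = {}
    for (a, b), count in pair_counts.items():
        # pointwise mutual information: observed pair rate vs. chance rate
        expected = (unigram[a] / n) * (unigram[b] / n)
        pmi = log2((count / total_pairs) / expected)
        if count >= min_support and pmi >= min_pmi:
            signature[(a, b)] = count / total_pairs
    return signature

def signature_coverage(block, signature):
    """Share of a block's consecutive pairs that are signature patterns."""
    pairs = list(zip(block, block[1:]))
    if not pairs:
        return 0.0
    return sum(1 for p in pairs if p in signature) / len(pairs)

def is_masquerade(block, signature, baseline, tolerance=0.5):
    """Flag a block whose coverage falls well below the legitimate baseline
    measured on the training data (tolerance is an assumed cut-off)."""
    return signature_coverage(block, signature) < baseline * tolerance

# Constructed access log for one user: a habitual edit/build cycle plus a
# few rare events that should not become part of the signature.
TRAINING = (["cd", "ls", "vi", "make"] * 15
            + ["cd", "ls", "pwd", "vi", "make"] * 5
            + ["whoami", "date"])
SIGNATURE = extract_signature(TRAINING)
BASELINE = signature_coverage(TRAINING, SIGNATURE)

# Constructed real-time blocks: the same user, and someone else at the keyboard.
LEGIT_BLOCK = ["cd", "ls", "vi", "make", "cd", "ls", "pwd", "vi", "make"]
MASQUERADE_BLOCK = ["cd", "ls", "find", "cat", "cp", "scp", "mail"]

if __name__ == "__main__":
    print("signature patterns:", sorted(SIGNATURE))
    print("baseline coverage:", round(BASELINE, 3))
    for name, block in (("legit", LEGIT_BLOCK), ("masquerade", MASQUERADE_BLOCK)):
        print(name, round(signature_coverage(block, SIGNATURE), 3),
              "flagged" if is_masquerade(block, SIGNATURE, BASELINE) else "ok")
```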
© 2005 Springer-Verlag Berlin Heidelberg
Sy, B.K. (2005). Signature-Based Approach for Intrusion Detection. In: Perner, P., Imiya, A. (eds) Machine Learning and Data Mining in Pattern Recognition. MLDM 2005. Lecture Notes in Computer Science(), vol 3587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11510888_52
DOI: https://doi.org/10.1007/11510888_52
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26923-6
Online ISBN: 978-3-540-31891-0