Computer Intrusion: Detecting

Masqueraders in computer intrusion detection are people who use somebody else's computer account. We investigate a number of sta- tistical approaches for detecting masqueraders. To evaluate them, we collected UNIX command data from 50 users and then contaminated the data with masqueraders. The experiment was blinded. We show results from six methods, including two approaches from the computer science community.

[1]  Brian D. Davison,et al.  Predicting Sequences of User Actions , 1998 .

[2]  Vern Paxson,et al.  Bro: a system for detecting network intruders in real-time , 1998, Comput. Networks.

[3]  Yehuda Vardi,et al.  A Hybrid High-Order Markov Chain Model for Computer Intrusion Detection , 2001 .

[4]  A. Raftery A model for high-order Markov chains , 1985 .

[5]  Carla E. Brodley,et al.  Approaches to Online Learning and Concept Drift for User Identification in Computer Security , 1998, KDD.

[6]  William DuMouchel,et al.  A Fast Computer Intrusion Detection Algorithm Based on Hypothesis Testing of Command Transition Probabilities , 1998, KDD.

[7]  Terry A. Welch,et al.  A Technique for High-Performance Data Compression , 1984, Computer.

[8]  Harold S. Javitz,et al.  The NIDES Statistical Component Description and Justification , 1994 .

[9]  Dorothy E. Denning,et al.  Cyberspace attacks and countermeasures , 1997 .

[10]  K. Tan,et al.  The application of neural networks to UNIX computer security , 1995, Proceedings of ICNN'95 - International Conference on Neural Networks.

[11]  Stephanie Forrest,et al.  A sense of self for Unix processes , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[12]  David J. Marchette A Statistical Method for Profiling Network Traffic , 1999, Workshop on Intrusion Detection and Network Monitoring.

[13]  A. Raftery,et al.  Estimation and Modelling Repeated Patterns in High Order Markov Chains with the Mixture Transition Distribution Model , 1994 .

[14]  William DuMouchel,et al.  Computer Intrusion Detection Based on Bayes Factors for Comparing Command Transition Probabilities , 1999 .

[15]  E. Amoroso Intrusion Detection , 1999 .

[16]  R.K. Cunningham,et al.  Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[17]  Matthias Schonlau,et al.  Detecting masquerades in intrusion detection based on unpopular commands , 2000, Inf. Process. Lett..