Detecting Masqueraders Using High Frequency Commands as Signatures

Network intruders commonly use stolen passwords or other means to log into legitimate users' computer accounts. To prevent this, it is important to be able to tell whether the person using an account is the true user or a masquerader. The uniqueness of user commands has been used in the past as a signature of users. This project explores whether high-frequency commands work well as signatures. Experimental results are provided to show that they work as well as the Uniqueness method. Comparisons with other methods are also presented.
