Towards an immunity-based system for detecting masqueraders

This paper proposes an immunity-based system for detecting masqueraders in UNIX-like systems. The design borrows two properties of the biological immune system, specificity and diversity: the system runs a user-specific agent for every user, and each agent relies on multiple profiles of that user's behaviour rather than a single profile. Using multiple profiles can improve masquerader detection accuracy, and the immunity-based method in fact outperforms the two methods that achieved the best detection performance in previous work. In addition, we propose an evaluation framework for the immunity-based masquerader detection system. The framework can measure the difference in detection accuracy between internal masqueraders (other users of the same system) and external masqueraders (users from outside it).
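The abstract names two ideas without showing them: one agent per user holding several profiles instead of one, and an evaluation that separates internal from external masqueraders. The following toy is an added illustration of those two ideas only; it is not the paper's algorithm, and it does not reproduce the immune-system mechanics the paper builds on. It assumes a deliberately simple profile (a normalised command-frequency vector per login session, compared by cosine similarity), constructed command logs for users "alice" and "bob", an external user "mallory" with no training data, and a detection threshold of 0.8 picked for this toy data; a real deployment would tune the threshold from a ROC curve on held-out sessions. The point it makes is the one the abstract claims: a user whose sessions fall into distinct working modes is flagged as a masquerader by a single merged profile but not by per-session profiles.

```python
from collections import Counter
from math import sqrt

# Constructed toy command logs (not data from the paper); each inner list is
# one login session. "alice" has two distinct working modes, which is the case
# a single merged profile handles badly.
LOGS = {
    "alice": [
        ["vim", "make", "gcc", "gdb", "vim", "make", "gcc", "vim"],                     # coding day
        ["ssh", "sudo", "systemctl", "journalctl", "ssh", "sudo", "systemctl", "ssh"],  # admin day
    ],
    "bob": [
        ["ssh", "scp", "rsync", "tar", "ssh", "scp", "rsync", "ls"],
        ["rsync", "ssh", "tar", "cron", "ssh", "scp", "tar", "ssh"],
    ],
}
# Held-out genuine session for alice (another coding day), constructed.
ALICE_HELDOUT = [["vim", "gcc", "make", "vim", "gdb", "make", "grep", "vim"]]
# External masquerader: a user for whom no training data exists anywhere.
EXTERNAL = [["wget", "chmod", "nc", "python3", "wget", "nc", "curl", "chmod"]]


def profile(commands):
    """Normalised command-frequency vector of one session."""
    counts = Counter(commands)
    total = sum(counts.values())
    return {c: n / total for c, n in counts.items()}


def cosine(p, q):
    dot = sum(v * q.get(c, 0.0) for c, v in p.items())
    norm_p = sqrt(sum(v * v for v in p.values()))
    norm_q = sqrt(sum(v * v for v in q.values()))
    # An empty session has no profile; treat it as matching nothing.
    return dot / (norm_p * norm_q) if norm_p and norm_q else 0.0


class UserAgent:
    """One agent per user. With merge=False it keeps one profile per training
    session and scores a new session by its best match; with merge=True it
    collapses all training data into a single profile (the baseline)."""

    def __init__(self, sessions, merge=False):
        if merge:
            self.profiles = [profile([c for s in sessions for c in s])]
        else:
            self.profiles = [profile(s) for s in sessions]

    def score(self, commands):
        p = profile(commands)
        return max(cosine(p, q) for q in self.profiles)

    def is_masquerader(self, commands, threshold):
        return self.score(commands) < threshold


def evaluate(user, heldout, external, merge=False, threshold=0.8):
    """Return (false alarm rate, internal detection rate, external detection
    rate) for `user`'s agent. Internal masqueraders are sessions of the other
    users in LOGS; external masqueraders are users absent from LOGS."""
    agent = UserAgent(LOGS[user], merge=merge)
    internal = [s for u, ss in LOGS.items() if u != user for s in ss]

    def rate(sessions):
        return sum(agent.is_masquerader(s, threshold) for s in sessions) / len(sessions)

    return rate(heldout), rate(internal), rate(external)


if __name__ == "__main__":
    for merge in (False, True):
        fa, di, de = evaluate("alice", ALICE_HELDOUT, EXTERNAL, merge=merge)
        kind = "single merged profile" if merge else "multiple profiles"
        print(f"{kind:22s} false alarms={fa:.2f} internal={di:.2f} external={de:.2f}")
```

Both agents catch every internal and external masquerader on this data, but the merged profile also raises a false alarm on alice's genuine coding session because her admin commands dilute it; the per-session profiles match that session at about 0.94 versus about 0.67 for the merged one. Note that external masqueraders score 0 here only because they share no commands with alice at all; in practice the internal case is the harder one, which is why the paper's framework reports the two rates separately.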
