A Survey on Masquerader Detection Approaches

This paper presents a survey of the area of masquerader detection. The three most popular publicly available UNIX command-line datasets are presented and their features are compared. Several different masquerader detection approaches are reviewed, and their results are compared using the most popular measures of detection effectiveness in this area, introducing the most extensive quantitative comparison of results in the literature. Possible directions for future work in this area are proposed as well.
