Published in: Soft Computing 3/2017

27-07-2016 | Focus

Bagging-TPMiner: a classifier ensemble for masquerader detection based on typical objects

Authors: Miguel Angel Medina-Pérez, Raúl Monroy, J. Benito Camiña, Milton García-Borroto


Abstract

The goal of a masquerade detection system is to determine whether a given computer activity does not correspond to a target user, thereby inferring that a masquerader has stolen the computer session of a user. Masquerade detection should be addressed as a one-class classification problem, where only user information is available for classifier construction. This might be mandatory when it is difficult to account for all types of attack patterns or collect enough evidence thereof. In this paper, we introduce a masquerader detection method, named Bagging-TPMiner, a one-class classifier ensemble. As the name suggests, Bagging-TPMiner bootstraps the training dataset of genuine user behavior in order to find typical objects. In the classification phase, it renders a new sample of computer behavior to be a masquerade if that behavior is distinct from the typical objects. Critically, unlike existing clustering techniques, Bagging-TPMiner gives similar attention to both types of regions, dense and sparse, thus capturing the (hidden) structure of ordinary user behavior. We have successfully tested Bagging-TPMiner on WUIL, a repository of datasets for masquerader detection that contain more faithful masquerade attempts. Our experimental results show that Bagging-TPMiner improves classification accuracy when compared to other classifiers and that it is significantly better at identifying bursts of attacks, called persistent attacks, or at continuously updating from prior mistakes.

Metadata
Title
Bagging-TPMiner: a classifier ensemble for masquerader detection based on typical objects
Authors
Miguel Angel Medina-Pérez
Raúl Monroy
J. Benito Camiña
Milton García-Borroto
Publication date
27-07-2016
Publisher
Springer Berlin Heidelberg
Published in
Soft Computing / Issue 3/2017
Print ISSN: 1432-7643
Electronic ISSN: 1433-7479
DOI
https://doi.org/10.1007/s00500-016-2278-8
