nach oben

Erschienen in:

12.07.2018 | Special Issue Paper

Bagging-RandomMiner: a one-class classifier for file access-based masquerade detection

verfasst von: José Benito Camiña, Miguel Angel Medina-Pérez, Raúl Monroy, Octavio Loyola-González, Luis Angel Pereyra Villanueva, Luis Carlos González Gurrola

Erschienen in: Machine Vision and Applications | Ausgabe 5/2019

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Dependence on personal computers has required the development of security mechanisms to protect the information stored in these devices. There have been different approaches to profile user behavior to protect information from a masquerade attack; one such recent approach is based on user file-access patterns. In this paper, we propose a novel classification ensemble for file access-based masquerade detection. We have successfully validated the hypothesis that a one-class classification approach to file access-based masquerade detection outperforms a multi-class one. In particular, our proposed one-class classifier significantly outperforms several state-of-the-art multi-class classifiers. Our results indicate that one-class classification attains better classification results, even when unknown attacks arise. Additionally, we introduce three new repositories of datasets for the identification of the three main types of attacks reported in the literature, where each training dataset contains no object belonging to the type of attack to be identified. These repositories can be used for testing future classifiers, simulating attacks carried out in a real scenario.

Vorheriger Artikel Dual-channel CNN for efficient abnormal behavior identification through crowd feature engineering

Nächster Artikel Audiovisual emotion recognition in wild

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Available at www.schonlau.net/intrusion.html.

http://homepage.cem.itesm.mx/raulm/wuil-ds/.

drive.google.com/file/d/0B9jNhJSXlx7GNTJKUHFqb0Rtdjg/view.

Aha, D.W., Kibler, D., Albert, M.K.: Instance-based learning algorithms. Mach. Learn. 6(1), 37–66 (1991). https://doi.org/10.1007/BF00153759 CrossRef

Baeza-Yates, R.A., Ribeiro-Neto, B.: Modern Information Retrieval. Addison-Wesley Longman Publishing Co., Inc., Boston (1999)

Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001). https://doi.org/10.1023/A:1010933404324 MATHCrossRef

Camiña, B., Monroy, R., Trejo, L.A., Sánchez, E.: Towards building a masquerade detection method based on user file system navigation. In: Batyrshin, I., Sidorov, G. (eds.) Proceedings of the 10th Mexican International Conference on Artificial Intelligence (MICAI 2011), pp. 174–186. Springer, Berlin (2011). https://doi.org/10.1007/978-3-642-25324-9_15 CrossRef

Camiña, J.B., Hernndez-Gracidas, C., Monroy, R., Trejo, L.: The windows-users and -intruder simulations logs dataset (wuil): an experimental framework for masquerade detection mechanisms. Expert Syst. Appl. 41(3), 919–930 (2014). https://doi.org/10.1016/j.eswa.2013.08.022. Methods and Applications of Artificial and Computational IntelligenceCrossRef

Camiña, J.B., Monroy, R., Trejo, L.A., Medina-Pérez, M.A.: Temporal and spatial locality: an abstraction for masquerade detection. IEEE Trans. Inf. Forensics Secur. 11(9), 2036–2051 (2016). https://doi.org/10.1109/TIFS.2016.2571679 CrossRef

Camiña, J.B., Rodríguez, J., Monroy, R.: Towards a masquerade detection system based on user’s tasks. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) Proceedings of the 17th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2014), pp. 447–465. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11379-1_22 CrossRef

Cessie, S.L., Houwelingen, J.C.V.: Ridge estimators in logistic regression. J. R. Stat. Soc. Ser. C (Appl. Stat.) 41(1), 191–201 (1992)MATH

Demšar, J.: Statistical comparisons of classifiers over multiple data sets. J. Mach. Learn. Res. 7, 1–30 (2006)MathSciNetMATH

10.

Denning, D.E.: An intrusion-detection model. IEEE Trans. Softw. Eng. SE-13(2), 222–232 (1987). https://doi.org/10.1109/TSE.1987.232894

11.

Duda, R.O., Hart, P.E., Stork, D.G.: Pattern Classification, 7th edn. Wiley-Interscience, Hoboken (2012)MATH

12.

Fawcett, T.: An introduction to ROC analysis. Pattern Recognit. Lett. 27(8), 861–874 (2006). https://doi.org/10.1016/j.patrec.2005.10.010. ROC Analysis in Pattern RecognitionMathSciNetCrossRef

13.

Freund, Y., Schapire, R.E.: Experiments with a new boosting algorithm. In: Proceedings of the Thirteenth International Conference on Machine Learning, pp. 148–156 (1996)

14.

García, S., Herrera, F.: An extension on “statistical comparisons of classifiers over multiple data sets” for all pairwise comparisons. J. Mach. Learn. Res. 9, 2677–2694 (2008)MATH

15.

Garg, A., Rahalkar, R., Upadhyaya, S., Kwiat, K.: Profiling users in GUI based systems for masquerade detection. In: IEEE Information Assurance Workshop, pp. 48–54 (2006). https://doi.org/10.1109/IAW.2006.1652076

16.

Gates, C., Li, N., Xu, Z., Chari, S.N., Molloy, I., Park, Y.: Detecting insider information theft using features from file access logs. In: Kutyłowski, M., Vaidya, J. (eds.) Proceedings of the 19th European Symposium on Research in Computer Security (ESORICS), pp. 383–400. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11212-1_22 CrossRef

17.

Hall, M., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P., Witten, I.H.: The weka data mining software: an update. SIGKDD Explor. Newsl. 11(1), 10–18 (2009). https://doi.org/10.1145/1656274.1656278 CrossRef

18.

Haykin, S.S.: Neural Networks: A Comprehensive Foundation, 2nd edn. Tsinghua University Press, Beijing (2001)MATH

19.

Japkowicz, N.: Assessment Metrics for Imbalanced Learning. In: He, H., Ma, Y. (eds.) Imbalanced Learning: Foundations, Algorithms, and Applications, Chap. 8, pp. 187–206. Wiley, New York (2013). https://doi.org/10.1002/9781118646106.ch8 CrossRef

20.

Jian, Z., Shirai, H., Takahashi, I., Kuroiwa, J., Odaka, T., Ogura, H.: Masquerade detection by boosting decision stumps using unix commands. Comput. Secur. 26(4), 311–318 (2007). https://doi.org/10.1016/j.cose.2006.11.008 CrossRef

21.

John, G.H., Langley, P.: Estimating continuous distributions in Bayesian classifiers. In: Proceedings of the Eleventh Conference on Uncertainty in Artificial Intelligence, UAI’95, pp. 338–345. Morgan Kaufmann Publishers Inc., San Francisco (1995). http://dl.acm.org/citation.cfm?id=2074158.2074196

22.

Kholidy, H.A., Baiardi, F., Hariri, S.: DDSGA: a data-driven semi-global alignment approach for detecting masquerade attacks. IEEE Trans. Dependable Secure Comput. 12(2), 164–178 (2015). https://doi.org/10.1109/TDSC.2014.2327966 CrossRef

23.

Killourhy, K., Maxion, R.: Why did my detector do that?!. In: Jha, S., Sommer, R., Kreibich, C. (eds.) Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection (RAID), pp. 256–276. Springer, Berlin (2010). https://doi.org/10.1007/978-3-642-15512-3_14 CrossRef

24.

Killourhy, K.S., Maxion, R.A.: Comparing anomaly-detection algorithms for keystroke dynamics. In: International Conference on Dependable Systems Networks (IFIP), pp. 125–134 (2009). https://doi.org/10.1109/DSN.2009.5270346

25.

Kim, H.S., Cha, S.D.: Empirical evaluation of SVM-based masquerade detection using unix commands. Comput. Secur. 24(2), 160–168 (2005). https://doi.org/10.1016/j.cose.2004.08.007 CrossRef

26.

Kubat, M., Matwin, S.: Addressing the curse of imbalanced training sets: one-sided selection. In: 14th International Conference on Machine Learning (ICML97), pp. 179–186 (1997)

27.

Kudłacik, P., Porwik, P., Wesołowski, T.: Fuzzy approach for intrusion detection based on user’s commands. Soft. Comput. 20(7), 2705–2719 (2016). https://doi.org/10.1007/s00500-015-1669-6 CrossRef

28.

Loyola-González, O., Medina-Pérez, M.A., Martínez-Trinidad, J.F., Carrasco-Ochoa, J.A., Monroy, R., García-Borroto, M.: PBC4cip: a new contrast pattern-based classifier for class imbalance problems. Knowl. Based Syst. 115, 100–109 (2017). https://doi.org/10.1016/j.knosys.2016.10.018 CrossRef

29.

MathWorks, Inc.: Treebagger (2015). http://www.mathworks.com/help/toolbox/stats/treebagger.html

30.

Maxion, R.A.: Masquerade detection using enriched command lines. In: Proceedings of the International Conference on Dependable Systems and Networks, pp. 5–14 (2003). https://doi.org/10.1109/DSN.2003.1209911

31.

Maxion, R.A., Townsend, T.N.: Masquerade detection using truncated command lines. In: Proceedings of the International Conference on Dependable Systems and Networks, pp. 219–228 (2002). https://doi.org/10.1109/DSN.2002.1028903

32.

Medina-Pérez, M.A., Monroy, R., Camiña, J.B., García-Borroto, M.: Bagging-TPMiner: a classifier ensemble for masquerader detection based on typical objects. Soft. Comput. 21(3), 557–569 (2017). https://doi.org/10.1007/s00500-016-2278-8 CrossRef

33.

Messerman, A., Mustafi, T., Camtepe, S.A., Albayrak, S.: Continuous and non-intrusive identity verification in real-time environments based on free-text keystroke dynamics. In: International Joint Conference on Biometrics (IJCB), pp. 1–8 (2011). https://doi.org/10.1109/IJCB.2011.6117552

34.

Morales, A., Fierrez, J., Ortega-Garcia, J.: Towards predicting good users for biometric recognition based on keystroke dynamics. In: Agapito, L., Bronstein, M.M., Rother, C. (eds.) Proceedings of the Workshop on Computer Vision (ECCV 2014), pp. 711–724. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16181-5_54 CrossRef

35.

Platt, J.C.: Fast training of support vector machines using sequential minimal optimization. In: Schólkopf, B., Burges, C.J.C., Smola, A.J. (eds.) Advances in Kernel Methods, pp. 185–208. MIT, Cambridge, MA, USA (1999)

36.

Pusara, M., Brodley, C.E.: User re-authentication via mouse movements. In: Proceedings of the Workshop on Visualization and Data Mining for Computer Security, VizSEC/DMSEC ’04, pp. 1–8. ACM, New York (2004). https://doi.org/10.1145/1029208.1029210

37.

Quinlan, J.R.: C4.5: Programs for Machine Learning. Morgan Kaufmann Publishers Inc., Los Altos (1993)

38.

Rodríguez, J., Cañete, L., Monroy, R., Medina-Pérez, M.A.: Experimenting with masquerade detection via user task usage. Int. J. Interact. Des. Manuf. (IJIDeM) 11(4), 771–784 (2016). https://doi.org/10.1007/s12008-016-0360-1 CrossRef

39.

Salem, M.B., Stolfo, S.J.: Modeling user search behavior for masquerade detection. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection, pp. 181–200. Springer, Berlin (2011). https://doi.org/10.1007/978-3-642-23644-0_10 CrossRef

40.

Saljooghinejad, H., Bhukya, W.N.: Layered security architecture for masquerade attack detection. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) Proceedings of the 26th Conference on Data and Applications Security and Privacy, pp. 255–262. Springer, Berlin (2012). https://doi.org/10.1007/978-3-642-31540-4_19 CrossRef

41.

Schonlau, M., DuMouchel, W., Ju, W.H., Karr, A.F., Theus, M., Vardi, Y.: Computer intrusion: detecting masquerades. Stat. Sci. 16(1), 58–74 (2001)

42.

Shen, C., Cai, Z., Guan, X., Maxion, R.: Performance evaluation of anomaly-detection algorithms for mouse dynamics. Comput. Secur. 45, 156–171 (2014). https://doi.org/10.1016/j.cose.2014.05.002 CrossRef

43.

Song, Y., Salem, M.B., Hershkop, S., Stolfo, S.J.: System level user behavior biometrics using fisher features and gaussian mixture models. In: IEEE Security and Privacy Workshops, pp. 52–59 (2013). https://doi.org/10.1109/SPW.2013.33

44.

Vidal, J.M., Orozco, A.L.S., Villalba, L.J.G.: Online masquerade detection resistant to mimicry. Expert Syst. Appl. 61, 162–180 (2016). https://doi.org/10.1016/j.eswa.2016.05.036 CrossRef

45.

Wang, K., Stolfo, S.J.: One-class training for masquerade detection. In: Workshop on Data Mining for Computer Security, p. 10. Citeseer (2003)

46.

Wang, X., Sun, Y., Wang, Y.: An abnormal file access behavior detection approach based on file path diversity. IET Conference Proceedings, pp. 455–459 (2014). http://digital-library.theiet.org/content/conferences/10.1049/cp.2014.0632

47.

Wang, X., Wang, Y., Liu, Q., Sun, Y., Xie, P.: Insider detection by analyzing process behaviors of file access. In: Park, J.J.J.H., Yi, G., Jeong, Y.S., Shen, H. (eds.) Advances in Parallel and Distributed Computing and Ubiquitous Services (UCAWSN & PDCAT), pp. 209–219. Springer, Singapore (2016). https://doi.org/10.1007/978-981-10-0068-3_28 CrossRef

48.

Weiss, A., Ramapanicker, A., Shah, P., Noble, S., Immohr, L.: Mouse movements biometric identification: a feasibility study. Proc. Student/Faculty Research Day CSIS. Pace University, White Plains (2007)

Titel: Bagging-RandomMiner: a one-class classifier for file access-based masquerade detection
verfasst von: José Benito Camiña
Miguel Angel Medina-Pérez
Raúl Monroy
Octavio Loyola-González
Luis Angel Pereyra Villanueva
Luis Carlos González Gurrola
Publikationsdatum: 12.07.2018
Verlag: Springer Berlin Heidelberg
Erschienen in: Machine Vision and Applications / Ausgabe 5/2019
Print ISSN: 0932-8092
Elektronische ISSN: 1432-1769
DOI: https://doi.org/10.1007/s00138-018-0957-4

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 5/2019

A real-time webcam-based method for assessing upper-body postures

An efficient Concealed Information Test: EEG feature extraction and ensemble classification for lie identification

Audiovisual emotion recognition in wild

Dual-channel CNN for efficient abnormal behavior identification through crowd feature engineering

Guest editorial: special issue on human abnormal behavioural analysis

Beyond estimating discrete directions of walk: a fuzzy approach

Premium Partner