Masquerade detection based on SVM and sequence-based user commands profile

Jeongseok Seo; Sungdeok Cha

doi:10.1145/1229285.1229340

Masquerade detection based on SVM and sequence-based user commands profile

Jeongseok Seo, Sungdeok Cha

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

12 Citations (Scopus)

Abstract

Masqueraders, despite widespread use of security products such as firewalls and intrusion detection systems, are serious threats to organizations. Although anomaly detection techniques have been considered as an effective approach to complement existing security solutions, they are not widely used in practice due to poor accuracy and relatively high degree of false alarms. In this paper, we performed an empirical study investigating the effectiveness of SVM and sequence-based kernel methods. Sequence-based kernel methods showed slightly better performance than generic RBF kernel with same frequency of false alarms. In addition, the composition of two kernel methods showed that frequency of false alarms could be further reduced.

Original language	English
Title of host publication	Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07
Pages	398-400
Number of pages	3
DOIs	https://doi.org/10.1145/1229285.1229340
Publication status	Published - 2007
Externally published	Yes
Event	2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07 - Singapore, Singapore Duration: 2007 Mar 20 → 2007 Mar 22

Publication series

Name	Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07

Other

Other	2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07
Country/Territory	Singapore
City	Singapore
Period	07/3/20 → 07/3/22

Keywords

Anomaly detection
Masquerade detection
Support VectorMachine (SVM)
User commands profile

ASJC Scopus subject areas

Computer Networks and Communications
Software

Access to Document

10.1145/1229285.1229340

Cite this

Masquerade detection based on SVM and sequence-based user commands profile. / Seo, Jeongseok; Cha, Sungdeok.
Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07. 2007. p. 398-400 (Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Seo, J & Cha, S 2007, Masquerade detection based on SVM and sequence-based user commands profile. in Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07. Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07, pp. 398-400, 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07, Singapore, Singapore, 07/3/20. https://doi.org/10.1145/1229285.1229340

@inproceedings{447b8f10f406492c952d08b7df2895db,

title = "Masquerade detection based on SVM and sequence-based user commands profile",

abstract = "Masqueraders, despite widespread use of security products such as firewalls and intrusion detection systems, are serious threats to organizations. Although anomaly detection techniques have been considered as an effective approach to complement existing security solutions, they are not widely used in practice due to poor accuracy and relatively high degree of false alarms. In this paper, we performed an empirical study investigating the effectiveness of SVM and sequence-based kernel methods. Sequence-based kernel methods showed slightly better performance than generic RBF kernel with same frequency of false alarms. In addition, the composition of two kernel methods showed that frequency of false alarms could be further reduced.",

keywords = "Anomaly detection, Masquerade detection, Support VectorMachine (SVM), User commands profile",

author = "Jeongseok Seo and Sungdeok Cha",

year = "2007",

doi = "10.1145/1229285.1229340",

language = "English",

isbn = "1595935746",

series = "Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07",

pages = "398--400",

booktitle = "Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07",

note = "2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07 ; Conference date: 20-03-2007 Through 22-03-2007",

}

TY - GEN

T1 - Masquerade detection based on SVM and sequence-based user commands profile

AU - Seo, Jeongseok

AU - Cha, Sungdeok

PY - 2007

Y1 - 2007

N2 - Masqueraders, despite widespread use of security products such as firewalls and intrusion detection systems, are serious threats to organizations. Although anomaly detection techniques have been considered as an effective approach to complement existing security solutions, they are not widely used in practice due to poor accuracy and relatively high degree of false alarms. In this paper, we performed an empirical study investigating the effectiveness of SVM and sequence-based kernel methods. Sequence-based kernel methods showed slightly better performance than generic RBF kernel with same frequency of false alarms. In addition, the composition of two kernel methods showed that frequency of false alarms could be further reduced.

AB - Masqueraders, despite widespread use of security products such as firewalls and intrusion detection systems, are serious threats to organizations. Although anomaly detection techniques have been considered as an effective approach to complement existing security solutions, they are not widely used in practice due to poor accuracy and relatively high degree of false alarms. In this paper, we performed an empirical study investigating the effectiveness of SVM and sequence-based kernel methods. Sequence-based kernel methods showed slightly better performance than generic RBF kernel with same frequency of false alarms. In addition, the composition of two kernel methods showed that frequency of false alarms could be further reduced.

KW - Anomaly detection

KW - Masquerade detection

KW - Support VectorMachine (SVM)

KW - User commands profile

UR - http://www.scopus.com/inward/record.url?scp=34748865459&partnerID=8YFLogxK

U2 - 10.1145/1229285.1229340

DO - 10.1145/1229285.1229340

M3 - Conference contribution

AN - SCOPUS:34748865459

SN - 1595935746

SN - 9781595935748

T3 - Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07

SP - 398

EP - 400

BT - Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07

T2 - 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07

Y2 - 20 March 2007 through 22 March 2007

ER -

Masquerade detection based on SVM and sequence-based user commands profile

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this