Title :
User Behavior Analysis in Masquerade Detection Using Principal Component Analysis
Author :
Wu, Han-Ching ; Huang, Shou-Hsuan Stephen
Author_Institution :
Dept. of Comput. Sci., Univ. of Houston, Houston, TX
Abstract :
Network attackers usually compromise a legitimate user account to gain access to a host computer. To detect and prevent this kind of attack, it is typical to build an anomaly intrusion detection system (AIDS) to distinguish a legitimate user from an intruder, called a masquerader. One important hypothesis of this type of detection is that different users exhibit different behavior in their online activities. The user behavior can be captured and compared. The efficiency of an AIDS relies on the quality of the training data. Many prior studies encounter the problem of low hit rates and high false alarms. In this paper, we study the relationship between user behavior, in terms of operating system commands, and the success rate of detection. We first use principal component analysis (PCA) to select the commands that are highly effective in distinguishing users. Then we use these commands to classify users into categories. Our analysis shows a strong correlation between the false rate and the distance between these categories.
Keywords :
operating systems (computers); principal component analysis; security of data; PCA; anomaly intrusion detection system; masquerade detection; operating system commands; principal component analysis; user behavior analysis; Acquired immune deficiency syndrome; Detectors; Electrochemical machining; Intelligent networks; Intelligent systems; Intrusion detection; Neural networks; Principal component analysis; Testing; Training data; Intrusion Detection; Masqueraders; Network Security; Principal Component Analysis; Profiles;
Conference_Title :
Intelligent Systems Design and Applications, 2008. ISDA '08. Eighth International Conference on
Conference_Location :
Kaohsiung
Print_ISBN :
978-0-7695-3382-7
DOI :
10.1109/ISDA.2008.243