DocumentCode
429730
Title
Dynamic model selection with its applications to computer security
Author
Maruyama, Yuko ; Yamanishi, Kenji
Author_Institution
NEC Corp., Kanagawa, Japan
fYear
2004
fDate
24-29 Oct. 2004
Firstpage
82
Lastpage
87
Abstract
In recent years there has been increased interest in detecting anomalies in network traffic data/audit logs for computer security. With the appearance of a masquerader, for example, any new anomalous behavior pattern may be observed in command line data, and it is an important issue to detect the emergence of such a pattern as early as possible. This paper addresses this issue of anomaly detection by dynamically selecting statistical models from data. Our goal here is not to select a single model over the data as in conventional statistical model selection, but to select a time series of optimal models efficiently, assuming that the true model may change over time. We call this approach dynamic model selection. We first propose a coding-theoretic criterion for dynamic model selection. Next, we propose two dynamic model selection algorithms attaining the minimum of the criteria and analyze their performance. Finally, we demonstrate the validity of our algorithms through real application to masquerade detection using UNIX command sequences.
Keywords
Unix; computer network management; encoding; sequences; telecommunication security; time series; UNIX command sequences; anomaly detection; coding-theoretic criterion; computer security; dynamic model selection; masquerade detection; optimal models; performance; statistical models; time series; Algorithm design and analysis; Application software; Change detection algorithms; Computer security; Electronic mail; Intrusion detection; National electric code; Performance analysis; Telecommunication traffic; Traffic control;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Theory Workshop, 2004. IEEE
Print_ISBN
0-7803-8720-1
Type
conf
DOI
10.1109/ITW.2004.1405279
Filename
1405279