An N-Gram and STF-IDF model for masquerade detection in a UNIX environment

A masquerader is someone who impersonates another user and operates a computer system with privileged access. Computer security problems caused by masqueraders are serious. Although anomaly detection is considered to be the best way to detect masqueraders, due to the low probability of detection and...

Full description

Saved in:
Bibliographic Details
Published in:Journal in computer virology 2011-05, Vol.7 (2), p.133-142
Main Authors: Geng, Dai, Odaka, Thmohiro, Kuroiwa, Jousuke, Ogura, Hisakazu
Format: Article
Language:English
Subjects:
Applied sciences
Artificial intelligence
Computer Science
Computer science
control theory
systems
Data processing. List processing. Character string processing
Exact sciences and technology
Memory and file management (including protection and security)
Memory organisation. Data processing
Original Paper
Software
Speech and sound recognition and synthesis. Linguistics
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:A masquerader is someone who impersonates another user and operates a computer system with privileged access. Computer security problems caused by masqueraders are serious. Although anomaly detection is considered to be the best way to detect masqueraders, due to the low probability of detection and high error rate, this method is still in the research phase. Thus far, a number of methods, such as the Support Vector Machine (SVM), the Hidden Markov Model (HMM), and the Naïve Bayes (N. Bayes) classifier technique, have been investigated in order to further improve accuracy of detection. In the present paper, a method of integrating Data Mining and Natural Language Processing, namely, the N -Gram_Square root Term Frequency-Inverse Document Frequency ( N -Gram_STF-IDF), is proposed. Using the proposed method, sequences to be detected are segmented via N -Gram characteristics, and non-normal users are then detected using a STF-IDF classifier. We perform an experiment using Schonlau and Greenberg data sets and the proposed method and compare the obtained results with results obtained using various other methods.
ISSN:1772-9890
1772-9904
DOI:10.1007/s11416-010-0143-3