Masquerade detection based on SVM and sequence-based user commands profile

Jeongseok Seo, Sungdeok Cha

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

12 Citations (Scopus)

Abstract

Masqueraders, despite widespread use of security products such as firewalls and intrusion detection systems, are serious threats to organizations. Although anomaly detection techniques have been considered as an effective approach to complement existing security solutions, they are not widely used in practice due to poor accuracy and a relatively high degree of false alarms. In this paper, we performed an empirical study investigating the effectiveness of SVM and sequence-based kernel methods. Sequence-based kernel methods showed slightly better performance than the generic RBF kernel with the same frequency of false alarms. In addition, the composition of two kernel methods showed that the frequency of false alarms could be further reduced.

Original language: English
Title of host publication: Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07
Pages: 398-400
Number of pages: 3
DOIs: https://doi.org/10.1145/1229285.1229340
Publication status: Published - 2007 Oct 1
Externally published: Yes
Event: 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07 - Singapore, Singapore
Duration: 2007 Mar 20 to 2007 Mar 22

Other

Other: 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07
Country: Singapore
City: Singapore
Period: 07/3/20 to 07/3/22

Keywords

  • Anomaly detection
  • Masquerade detection
  • Support Vector Machine (SVM)
  • User commands profile

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software

Cite this

Seo, J., & Cha, S. (2007). Masquerade detection based on SVM and sequence-based user commands profile. In Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07 (pp. 398-400) https://doi.org/10.1145/1229285.1229340

@inproceedings{447b8f10f406492c952d08b7df2895db,
title = "Masquerade detection based on SVM and sequence-based user commands profile",
abstract = "Masqueraders, despite widespread use of security products such as firewalls and intrusion detection systems, are serious threats to organizations. Although anomaly detection techniques have been considered as an effective approach to complement existing security solutions, they are not widely used in practice due to poor accuracy and a relatively high degree of false alarms. In this paper, we performed an empirical study investigating the effectiveness of SVM and sequence-based kernel methods. Sequence-based kernel methods showed slightly better performance than the generic RBF kernel with the same frequency of false alarms. In addition, the composition of two kernel methods showed that the frequency of false alarms could be further reduced.",
keywords = "Anomaly detection, Masquerade detection, Support Vector Machine (SVM), User commands profile",
author = "Jeongseok Seo and Sungdeok Cha",
year = "2007",
month = "10",
day = "1",
doi = "10.1145/1229285.1229340",
language = "English",
isbn = "1595935746",
pages = "398--400",
booktitle = "Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07",

}

TY - GEN

T1 - Masquerade detection based on SVM and sequence-based user commands profile

AU - Seo, Jeongseok

AU - Cha, Sungdeok

PY - 2007/10/1

Y1 - 2007/10/1

N2 - Masqueraders, despite widespread use of security products such as firewalls and intrusion detection systems, are serious threats to organizations. Although anomaly detection techniques have been considered as an effective approach to complement existing security solutions, they are not widely used in practice due to poor accuracy and a relatively high degree of false alarms. In this paper, we performed an empirical study investigating the effectiveness of SVM and sequence-based kernel methods. Sequence-based kernel methods showed slightly better performance than the generic RBF kernel with the same frequency of false alarms. In addition, the composition of two kernel methods showed that the frequency of false alarms could be further reduced.

KW - Anomaly detection

KW - Masquerade detection

KW - Support Vector Machine (SVM)

KW - User commands profile

UR - http://www.scopus.com/inward/record.url?scp=34748865459&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=34748865459&partnerID=8YFLogxK

U2 - 10.1145/1229285.1229340

DO - 10.1145/1229285.1229340

M3 - Conference contribution

AN - SCOPUS:34748865459

SN - 1595935746

SN - 9781595935748

SP - 398

EP - 400

BT - Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07

ER -