Journal of Network and Information Security

Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

Kullback-Leibler Divergence for Masquerade Detection


Affiliations
1 Department of Computer Science, San Jose State University, San Jose, California, United States
2 Department of Mathematics, San Jose State University, San Jose, California, United States
     

   Subscribe/Renew Journal


A masquerader is an attacker who gains access to a legitimate user's credentials and pretends to be that user so as to evade detection. Several statistical techniques have been applied to the masquerade detection problem, including hidden Markov models (HMM) and one class na¨ıve Bayes (OCNB). In addition, Kullback-Leibler (KL) divergence has been used in an effort to improve detection rates. In this paper, we analyze masquerade detection techniques that employ HMMs, OCNB, and KL divergence. Detailed statistical analysis is provided to compare the effectiveness of these various approaches.

Keywords

Masquerade Detection, Kullback-Leibler Divergence, one Class Naive Bayes, Hidden Markov Models, Intrusion Detection
Subscription Login to verify subscription
User
Notifications
Font Size



  • Kullback-Leibler Divergence for Masquerade Detection

Abstract Views: 762  |  PDF Views: 4

Authors

Geetha Ranjini Viswanathan
Department of Computer Science, San Jose State University, San Jose, California, United States
Richard M. Low
Department of Mathematics, San Jose State University, San Jose, California, United States
Mark Stamp
Department of Computer Science, San Jose State University, San Jose, California, United States

Abstract


A masquerader is an attacker who gains access to a legitimate user's credentials and pretends to be that user so as to evade detection. Several statistical techniques have been applied to the masquerade detection problem, including hidden Markov models (HMM) and one class na¨ıve Bayes (OCNB). In addition, Kullback-Leibler (KL) divergence has been used in an effort to improve detection rates. In this paper, we analyze masquerade detection techniques that employ HMMs, OCNB, and KL divergence. Detailed statistical analysis is provided to compare the effectiveness of these various approaches.

Keywords


Masquerade Detection, Kullback-Leibler Divergence, one Class Naive Bayes, Hidden Markov Models, Intrusion Detection

References