Open Access
Subscription Access
Open Access
Subscription Access
Kullback-Leibler Divergence for Masquerade Detection
Subscribe/Renew Journal
A masquerader is an attacker who gains access to a legitimate user's credentials and pretends to be that user so as to evade detection. Several statistical techniques have been applied to the masquerade detection problem, including hidden Markov models (HMM) and one class na¨ıve Bayes (OCNB). In addition, Kullback-Leibler (KL) divergence has been used in an effort to improve detection rates. In this paper, we analyze masquerade detection techniques that employ HMMs, OCNB, and KL divergence. Detailed statistical analysis is provided to compare the effectiveness of these various approaches.
Keywords
Masquerade Detection, Kullback-Leibler Divergence, one Class Naive Bayes, Hidden Markov Models, Intrusion Detection
Subscription
Login to verify subscription
User
Font Size
Information
- Afgani, M. (2008). Anomaly detection using the Kullback-Leibler divergence metric, Applied Sciences on Biomedical and Communication Technologies. ISABEL’ 08, First International Symposium, 1-5.
- Bertacchini, M. & Fierens, P. I. (2009). A Survey on Masquerader Detection Approaches, CIBSI 2009. Retrieved from www.criptored.upm.es/cibsi/cibsi2009/docs/Papers/CIBSI-Dia2-Sesion5(2).pdf
- Bradley, A. P. (1997). The use of the area under the roc curve in the evaluation of machine learning algorithms. Pattern Recognition, 30(7), 1145-1159.
- Fawcett, T. (2006). An introduction to ROC analysis. Pattern Recognition Letters, 27(8), 861-874.
- Gu, Y., McCallum, A. & Towsley, D. (2005). Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation. IMC ’05 Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement, (pp. 32-37).
- Huang, L. & Stamp, M. (2011). Masquerade detection using profile hidden Markov models. Computers and Security, 30(8), 732-747.
- Idika, N. & Mathur, A. (2007). A survey of malware detection techniques, Technical report, Software Engineering Research Center. Retrieved from www.serc.net/system/files/SERC-TR-286.pdf
- Khanna, R. & Liu, H. (2008). Control theoretic approach to intrusion detection using a distributed hidden Markov model. IEEE Wireless Communications, 15(4), 24-33.
- Kim, H. & Cha, S. (2005). Empirical evaluation of svm-based masquerade detection using unix commands. Computers and Security, 24(2), 160-168.
- Kothari, A. (2012). Defeating Masquerade Detection, Master’s Project 239. Retrieved from scholarworks.sjsu.edu/etd_projects/239
- Kullback, S. & Leibler, R. A. (1951). On information and sufficiency. The Annals of Mathematical Statistics, 22(1), 79-86.
- Maxion, R. A. & Townsend, T. N. (2004). Masquerade Detection Augmented with Error Detection. IEEE Transactions on Reliability, Special Section on Quality/Reliability Engineering of Information Systems, March, 53(1), 124-147.
- Mun, G. J., Noh, B. N. & Kim, Y. M. (2009). Enhanced stochastic learning for feature selection in intrusion classification. International Journal of Innovative Computing, Information and Control, 5(11), 3625-3635.
- Murali, A. & Rao, M. (2005). A survey on intrusion detection approaches. Information and Communication Technologies, ICICT 2005, 233-240.
- Oh, J. H., Gao, J. & Rosenblatt, K. (2008). Biological data outlier detection based on Kullback-Leibler divergence. Bioinformatics and Biomedicine, BIBM’08, 24(16), 249-254.
- Runwal, N., Low, R. M. & Stamp, M. (2012). Opcode graph similarity and metamorphic detection. Journal in Computer Virology, 8(1/2), 37-52.
- Schonlau, M. & Theus, M. (2000). Detecting masquerades in intrusion detection based on unpopular commands. Information Processing Letters, 76(1/2), 33-38.
- Schonlau, M. (2009). Masquerding User Data. Masquerade Data. Retrieved from www.schonlau.net/intrusion.html
- Sharma, A. & Paliwal, K. (2007). Detecting masquerades using a combination of na¨ıve Bayes and weighted RBF approach. Journal in Computer Virology, 3(3), 237-245.
- Shetty, S., Mukkavilli, S. K. & Keel, L. H. (2011). An Integrated Machine Learning and Control Theoretic Model for Mining Concept Drifting Data Streams. IEEE International Conference on Technologies for Homeland Security (HST).
- Sridhara, S. M. & Stamp, M. (2013). Metamorphic worm that carries its own morphing engine. Journal of Computer Virology and Hacking Techniques, 9(2), 49-58.
- Stamp, M. (2011). Information Security: Principles and Practice (2nded.). Wiley.
- Stamp, M. (2012). A Revealing Introduction to Hidden Markov Models. Retrieved from www.cs.sjsu.edu/˜stamp/RUA/HMM.pdf
- Tapiador, J. & Clark, J. (2011). Masquerade mimicry attack detection: A randomized approach. Computers and Security, 30(5), 297-310.
- Viswanathan, G. R. (2013). Analysis of Kullback-Leibler Divergence for Masquerade Detection, Master’s Project 302. Retrieved from scholarworks.sjsu.edu/etd_projects/302/
- Wang, K. & Stolfo, S. (2003). One Class Training for Masquerade Detection. 3rd IEEE Conference Data Mining Workshop on Data Mining for Computer Security. Retrieved from cs.columbia.edu/˜kewang/ paper/ DMSEC-camera.pdf
- Yin, Q. (2003). Intrusion detection based on hidden Markov model. Machine Learning and Cybernetics, 5(1), 3115-3118.
Abstract Views: 682
PDF Views: 4