
Kullback-Leibler Divergence for Masquerade Detection


Affiliations
1 Department of Computer Science, San Jose State University, San Jose, California, United States
2 Department of Mathematics, San Jose State University, San Jose, California, United States
     



A masquerader is an attacker who gains access to a legitimate user's credentials and pretends to be that user so as to evade detection. Several statistical techniques have been applied to the masquerade detection problem, including hidden Markov models (HMM) and one class naïve Bayes (OCNB). In addition, Kullback-Leibler (KL) divergence has been used in an effort to improve detection rates. In this paper, we analyze masquerade detection techniques that employ HMMs, OCNB, and KL divergence. Detailed statistical analysis is provided to compare the effectiveness of these various approaches.

Keywords

Masquerade Detection, Kullback-Leibler Divergence, One Class Naive Bayes, Hidden Markov Models, Intrusion Detection








Authors

Geetha Ranjini Viswanathan
Department of Computer Science, San Jose State University, San Jose, California, United States
Richard M. Low
Department of Mathematics, San Jose State University, San Jose, California, United States
Mark Stamp
Department of Computer Science, San Jose State University, San Jose, California, United States
