One-Class Training for Masquerade Detection
We extend prior research on masquerade detection using UNIX commands issued by users as the audit source. Previous studies using multi-class training require gathering data from multiple users to train specific profiles of self and non-self for each user. One-class training uses data representative of only one user. We apply one-class Naïve Bayes, using both the multivariate Bernoulli model and the multinomial model, and the one-class SVM algorithm. The results show that one-class training for this task works as well as multi-class training, with the great practical advantages of collecting much less data and training more efficiently. One-class SVM using binary features performs best among the one-class training algorithms.
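The one-class multinomial Naïve Bayes idea from the abstract, as an added example that is not code from the paper: a profile is trained on one user's command blocks only and scores new blocks against it. The uniform non-self model, the smoothing constant, the vocabulary size, the zero threshold and all command data are assumptions made for this illustration.

```python
import math
from collections import Counter

VOCAB_SIZE = 50  # assumed number of distinct commands on the system


class OneClassMultinomialNB:
    """Profile built from one user's commands only (no non-self training data)."""

    def __init__(self, vocab_size=VOCAB_SIZE, alpha=0.01):
        self.vocab_size = vocab_size
        self.alpha = alpha  # assumed Laplace-style smoothing constant
        self.counts = Counter()
        self.total = 0

    def fit(self, blocks):
        for block in blocks:
            self.counts.update(block)
            self.total += len(block)
        return self

    def log_p_self(self, cmd):
        # Smoothed multinomial estimate of P(cmd | self); unseen commands get a small mass.
        return math.log((self.counts[cmd] + self.alpha)
                        / (self.total + self.alpha * self.vocab_size))

    def score(self, block):
        """Mean per-command log-likelihood ratio of self vs. a uniform non-self model."""
        if not block:
            raise ValueError("cannot score an empty command block")
        log_p_other = -math.log(self.vocab_size)  # assumption: non-self is uniform
        return sum(self.log_p_self(c) - log_p_other for c in block) / len(block)

    def is_masquerade(self, block, threshold=0.0):
        # Blocks that the self profile explains worse than the uniform model are flagged.
        return self.score(block) < threshold


# Constructed sample data, not taken from any real audit log.
TRAIN = [["ls", "cd", "vi", "make", "gcc", "ls", "cd", "vi"],
         ["vi", "make", "gcc", "gdb", "ls", "cd", "make", "vi"]]
NORMAL = ["cd", "ls", "vi", "make", "gcc", "vi", "ls", "make"]
SUSPECT = ["ftp", "telnet", "find", "chmod", "ls", "tar", "rsh", "cat"]

model = OneClassMultinomialNB().fit(TRAIN)

if __name__ == "__main__":
    for name, block in (("normal", NORMAL), ("suspect", SUSPECT)):
        print(name, round(model.score(block), 3), model.is_masquerade(block))
```

In practice the threshold would be tuned on held-out blocks from the same user to trade detection rate against false alarms.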
More About This Work
- Academic Units: Computer Science
- Published Here: April 30, 2010
Presented at ICDM Workshop on Data Mining for Computer Security, Melbourne, FL, November 19, 2003.