Academic Commons

Articles

One-Class Training for Masquerade Detection

Wang, Ke; Stolfo, Salvatore

We extend prior research on masquerade detection using UNIX commands issued by users as the audit source. Previous studies using multi-class training requires gathering data from multiple users to train specific profiles of self and non-self for each user. One-class training uses data representative of only one user. We apply one-class Naïve Bayes using both the multivariate Bernoulli model and the Multinomial model, and the one class SVM algorithm. The result shows that one-class training for this task works as well as multi-class training, with the great practical advantages of collecting much less data and more efficient training. One-class SVM using binary features performs best among the one-class training algorithms.

Subjects

Files

More About This Work

Academic Units
Computer Science
Published Here
April 30, 2010

Notes

Presented at ICDM Workshop on Data Mining for Computer Security, Melbourne, FL, November 19, 2003.

Academic Commons provides global access to research and scholarship produced at Columbia University, Barnard College, Teachers College, Union Theological Seminary and Jewish Theological Seminary. Academic Commons is managed by the Columbia University Libraries.