Abstract
This article presents a masquerade detection system based on principal component analysis (PCA) and radial basics function (RBF) neural network. The system first creates a profile defining a normal user’s behavior, and then compares the similarity of a current behavior with the created profile to decide whether the input instance is valid user or masquerader. In order to avoid overfitting and reduce the computational burden, user behavior principal features are extracted by the PCA method. RBF neural network is used to distinguish valid user or masquerader after training procedure has been completed by unsupervised learning and supervised learning. In the experiments for performance evaluation the system achieved a correct detection rate equal to 74.6% and a false detection rate equal to 2.9%, which is consistent with the best results reports in the literature for the same data set and testing paradigm.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Maxion, R.A., Townsend, T.N.: Masquerade detection using truncated command lines. In: Proceedings of the 2002 International Conference on Dependable Systems and Networks DNS 2002, Washington, D.C., United States, June 23-26. IEEE Computer Society, Los Alamitos (2002)
Maxion, R.A.: Masquerade Detection Using Enriched Command Lines. In: International Conference on Dependable Systems and Networks, San Francisco, CA, United States, June 22-25, Institute of Electrical and Electronics Engineers Computer Society (2003)
Schonlau, M., Theus, M.: Detecting masquerades in intrusion detection based on unpopular commands. Information Processing Letters 76(1-2), 33–38 (2000)
Schonlau, M., et al.: Computer Intrusion: Detecting Masquerades. Statistical Science 16(1), 58–74 (2001)
Yung, K.H.: Using self-consistent naive-Bayes to detect masquerades. In: 8th Pacific-Asia Conference, PAKDD 2004, Sydney, Australia, May 26-28. Springer, Heidelberg (2004)
Kim, H.-S., Cha, S.-D.: Efficient masquerade detection using SVM based on common command frequency in sliding windows. IEICE Transactions on Information and Systems E87-D(11), 2446–2452 (2004)
Kim, H.-S., Cha, S.-D.: Empirical evaluation of SVM-based masquerade detection using UNIX commands. Computers and Security 24(2), 160–168 (2005)
Seleznyov, A., Puuronen, S.: Using continuous user authentication to detect masqueraders. Information Management and Computer Security 11(2-3), 139–145 (2003)
Okamoto, T., Watanabe, T., Ishida, Y.: Towards an immunity-based system for detecting masqueraders. In: Palade, V., Howlett, R.J., Jain, L. (eds.) KES 2003. LNCS, vol. 2773. Springer, Heidelberg (2003)
Oka, M., et al.: Anomaly Detection Using Layered Networks Based on Eigen Co-occurrence Matrix. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol. 3224, pp. 223–237. Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Li, Z., Li, Z., Li, Y., Liu, B. (2005). Masquerade Detection System Based on Principal Component Analysis and Radial Basics Function. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science(), vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_46
Download citation
DOI: https://doi.org/10.1007/11596981_46
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30819-5
Online ISBN: 978-3-540-31598-8
eBook Packages: Computer ScienceComputer Science (R0)