Session comparison measurement and learning in masquerading detection
2004 (English)Report (Other academic)
In applying command sequence matching to detect masquerading attack, the first important step is to build a user's profile for characterizing normal behavior. In this paper, we proposed a new approach which applies the comparison of arbitrary length of sessions to distinguish users. In this approach, a session is regarded as an integral comparison unit. This method makes it possible to locate command matches in historical command data for long sequences. The testing results show that the method can be used in creating a user's profile. Further, it will pave the road for future work in applying data mining technology to detect potential masqueraders.
Place, publisher, year, edition, pages
Luleå: Luleå tekniska universitet, 2004. , 10 p.
Technical report / Luleå University of Technology, ISSN 1402-1536 ; 2004:14
Research subject Computer and Systems Science
IdentifiersURN: urn:nbn:se:ltu:diva-23502Local ID: 7399f0d0-280c-11dd-8187-000ea68e967bOAI: oai:DiVA.org:ltu-23502DiVA: diva2:996551
Godkänd; 2004; 20080522 (ysko)2016-09-292016-09-29Bibliographically approved