Masquerade Detection Using Support Vector Machine
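Conference name: The 1st Chinese Conference on Trusted Computing and Information Security
Conference date: 2005
Subject classification: 0839 [Engineering - Cyberspace Security] 08 [Engineering] 081201 [Engineering - Computer System Architecture] 0812 [Engineering - Computer Science and Technology (engineering or science degrees may be conferred)]
Funding: Supported by the National Natural Science Foundation of China (90104005 66973034 60473023)
Keywords: computer security, intrusion detection, masquerade detection, user profiling, support vector machine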
Abstract: A new method using support vector data description (SVDD) to distinguish legitimate users from masqueraders based on UNIX user command sequences is proposed. Sliding windows are used to achieve low detection delay. Experiments demonstrate that detection using enriched sequences performs better than detection using truncated sequences. Because an SVDD profile is composed of a small number of support vectors, our SVDD-based method can achieve computation and storage advantages when its detection performance is similar to that of existing methods.