A Hybrid Approach to the Profile Creation and Intrusion Detection (Conference Paper)

abstract

  • © 2001 IEEE. Anomaly detection involves characterizing the behaviors of individuals or systems and recognizing behavior that is outside the norm. This paper describes some preliminary results concerning the robustness and generalization capabilities of machine learning methods in creating user profiles based on the selection and subsequent classification of command line arguments. We base our method on the belief that legitimate users can be classified into categories based on the percentage of commands they use in a specified period. The hybrid approach we employ begins with the application of expert rules to reduce the dimensionality of the data, followed by an initial clustering of the data and subsequent refinement of the cluster locations using a competitive network called Learning Vector Quantization. Since Learning Vector Quantization is a nearest neighbor classifier, any new record presented to the network that lies outside a specified distance is classified as a masquerader. Thus, this system does not require anomalous records to be included in the training set.

name of conference

  • Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01

published proceedings

  • Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01

author list (cited authors)

  • Marin, J., Ragsdale, D., & Surdu, J.

citation count

  • 37

complete list of authors

  • Marin, Jack; Ragsdale, Daniel; Surdu, John

publication date

  • January 2001