Lookup NU author(s): Professor Roy Maxion
Masquerade detection undertakes to determine whether or not one computer user has impersonated another, typically by detecting significant anomalies in the victim’s normal behavior, as represented by a user profile formed from system audit data, command histories, and other information characteristic of individual users. Among the many intrusion/masquerade-detection algorithms in use today is the naive Bayes classifier, which has been observed to perform imperfectly from time to time, as will any detector. This paper investigates the prospect of a naive Bayes flaw that foils the detection of attacks conducted by so-called “super-masqueraders” whose incursions are consistently undetected across an entire range of victims. It is shown, through a rigorous mathematical exposition and an empirical analysis involving over 13,000 experiments, that the detector harbors a weakness (that could be exploited by an attacker) causing it to err under certain conditions. The paper explores and describes those conditions, and suggests how they can be overcome by fortifying the algorithm with a diverse detection capability.
Author(s): Killourhy KS, Maxion RA
Publication type: Report
Publication status: Published
Series Title: School of Computing Science Technical Report Series
Year: 2004
Pages: 12
Print publication date: 01/11/2004
Source Publication Date: November 2004
Report Number: 869
Institution: School of Computing Science, University of Newcastle upon Tyne
Place Published: Newcastle upon Tyne
URL: http://www.cs.ncl.ac.uk/publications/trs/papers/869.pdf