
Investigating a Possible Flaw in a Masquerade Detection System

Lookup NU author(s): Professor Roy Maxion


Abstract

Masquerade detection undertakes to determine whether or not one computer user has impersonated another, typically by detecting significant anomalies in the victim’s normal behavior, as represented by a user profile formed from system audit data, command histories, and other information characteristic of individual users. Among the many intrusion/masquerade-detection algorithms in use today is the naive Bayes classifier, which has been observed to perform imperfectly from time to time, as will any detector. This paper investigates the prospect of a naive Bayes flaw that foils the detection of attacks conducted by so-called “super-masqueraders” whose incursions are consistently undetected across an entire range of victims. It is shown, through a rigorous mathematical exposition and an empirical analysis involving over 13,000 experiments, that the detector harbors a weakness (that could be exploited by an attacker) causing it to err under certain conditions. The paper explores and describes those conditions, and suggests how they can be overcome by fortifying the algorithm with a diverse detection capability.


Publication metadata

Author(s): Killourhy KS, Maxion RA

Publication type: Report

Publication status: Published

Series Title: School of Computing Science Technical Report Series

Year: 2004

Pages: 12

Print publication date: 01/11/2004

Source Publication Date: November 2004

Report Number: 869

Institution: School of Computing Science, University of Newcastle upon Tyne

Place Published: Newcastle upon Tyne

URL: http://www.cs.ncl.ac.uk/publications/trs/papers/869.pdf

