DSN
2003
IEEE

Masquerade Detection Using Enriched Command Lines

A masquerade attack, in which one user impersonates another, is among the most serious forms of computer abuse, largely because such attacks are often mounted by insiders, and can be very difficult to detect. Automatic discovery of masqueraders is sometimes undertaken by detecting significant departures from normal user behavior, as represented by user profiles based on users’ command histories. A series of experiments performed by Schonlau et al. [12] achieved moderate success in masquerade detection based on a data set comprised of truncated command lines, i.e., single commands, stripped of any accompanying flags, arguments or elements of shell grammar such as pipes or semi-colons. Using the same data, Maxion and Townsend [8] improved on the Schonlau et al. results by 56%, raising
Roy A. Maxion
Added: 04 Jul 2010
Updated: 04 Jul 2010
Type: Conference
Year: 2003
Where: DSN
Authors: Roy A. Maxion