Conference

Estrada, V.C.; Nakao, A.; Segura, E.C. "Classifying computer session data using self-organizing maps" (2009) 2009 International Conference on Computational Intelligence and Security, CIS 2009. 1:48-53
The final version of this article is for internal use by the institution.
See the article on the publisher's page

Abstract:

We propose an advanced solution to track persistent computer intruders inside a UNIX-based system by clustering sessions into groups bearing similar characteristics according to expertise and type of work. Our semi-supervised method based on Self-Organizing Map (SOM) accomplishes classification of four types of users: computer scientists, experienced programmers, non-programmers, and novice programmers. Our evaluation on a range of biometrics shows that using working directories yields better accuracy (>98.5%) than using the most popular parameters like command use or keystroke patterns. © 2009 IEEE.

Record:

Document: Conference
Title: Classifying computer session data using self-organizing maps
Author: Estrada, V.C.; Nakao, A.; Segura, E.C.
City: Beijing
Affiliation: University of Tokyo, 7-3-1, Hongo, Bunkyo-ku Tokyo, 113-0033, Japan
Universidad de Buenos Aires, FCEyN Dto. de Computación, C. Universitaria, (1428), Buenos Aires, Argentina
Keywords: Computer scientists; Computer sessions; Keystroke patterns; Novice programmer; Semi-supervised method; Artificial intelligence; Biometrics; Conformal mapping; Self organizing maps
Year: 2009
Volume: 1
Start page: 48
End page: 53
DOI: http://dx.doi.org/10.1109/CIS.2009.266
Journal title: 2009 International Conference on Computational Intelligence and Security, CIS 2009
Abbreviated journal title: CIS - Int. Conf. Comput. Intell. Secur.
Record: https://bibliotecadigital.exactas.uba.ar/collection/paper/document/paper_97807695_v1_n_p48_Estrada


Citations:

---------- APA ----------
Estrada, V.C., Nakao, A. & Segura, E.C. (2009). Classifying computer session data using self-organizing maps. 2009 International Conference on Computational Intelligence and Security, CIS 2009, 1, 48-53.
http://dx.doi.org/10.1109/CIS.2009.266
---------- CHICAGO ----------
Estrada, V.C., Nakao, A., Segura, E.C. "Classifying computer session data using self-organizing maps". 2009 International Conference on Computational Intelligence and Security, CIS 2009 1 (2009): 48-53.
http://dx.doi.org/10.1109/CIS.2009.266
---------- MLA ----------
Estrada, V.C., Nakao, A., Segura, E.C. "Classifying computer session data using self-organizing maps". 2009 International Conference on Computational Intelligence and Security, CIS 2009, vol. 1, 2009, pp. 48-53.
http://dx.doi.org/10.1109/CIS.2009.266
---------- VANCOUVER ----------
Estrada, V.C., Nakao, A., Segura, E.C. Classifying computer session data using self-organizing maps. CIS - Int. Conf. Comput. Intell. Secur. 2009;1:48-53.
http://dx.doi.org/10.1109/CIS.2009.266