| Presentation | 2008-12-17 A Masquerade Detecting Method Based On the TF-IDF Model Geng Dai, Zhou Jian, Haruhiko Shirai, Jousuke Kuroiwa, Tomohire Odaka, Hisakazu Ogura, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Masquerade is someone who impersonates another user and operates computer system with privileged access. Computer security caused by masquerade is in a serious situation. Many researches have been proposed from different viewpoints. For the variability of user behavior and the similarity between the behavior of masquerade and that of normal user, it's difficult to gain a satisfy detection efficiency. Especially, these researches conducted their experiments on the benchmark datasets of Unix command sequence, so that efficiency of different methods could be compared. In this study, we proposed to apply the Term Frequency/Inverse Document Frequency (TF-IDF) model, which has been widely used in text classification in Natural Language Processing (NLP), to masquerade detection. Command was treated as word, and session was treated as paragraph. Therefore, the classification problem between normal and masquerade could be looked as the classification of text. A new formula of TF-IDF was proposed, and a ranking scheme was also further presented to improve detection efficiency. Experiment was conducted on a benchmark data, and experimental results show that it reports better detection efficiency than that of the previous Uniqueness method. Though, only the characteristic of command frequency is considered at the moment, it gains an encouraging detection efficiency. A better efficiency is expected to be gained in future research by updating. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Masquerade detection / Command sequence / TF-IDF / Unix |
| Paper # | ISEC2008-94 |
| Date of Issue |
| Conference Information | |
| Committee | ISEC |
|---|---|
| Conference Date | 2008/12/10(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information Security (ISEC) |
|---|---|
| Language | ENG |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A Masquerade Detecting Method Based On the TF-IDF Model |
| Sub Title (in English) | |
| Keyword(1) | Masquerade detection |
| Keyword(2) | Command sequence |
| Keyword(3) | TF-IDF |
| Keyword(4) | Unix |
| 1st Author's Name | Geng Dai |
| 1st Author's Affiliation | University of Fukui() |
| 2nd Author's Name | Zhou Jian |
| 2nd Author's Affiliation | Univ. of Fukui |
| 3rd Author's Name | Haruhiko Shirai |
| 3rd Author's Affiliation | Univ. of Fukui |
| 4th Author's Name | Jousuke Kuroiwa |
| 4th Author's Affiliation | Univ. of Fukui |
| 5th Author's Name | Tomohire Odaka |
| 5th Author's Affiliation | Univ. of Fukui |
| 6th Author's Name | Hisakazu Ogura |
| 6th Author's Affiliation | Univ. of Fukui |
| Date | 2008-12-17 |
| Paper # | ISEC2008-94 |
| Volume (vol) | vol.108 |
| Number (no) | 355 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |