DocumentCode :
3073677
Title :
Anomaly Instruction Detection of Masqueraders and Threat Evaluation Using Fuzzy Logic
Author :
Yu, Yingbing ; Graham, James H.
Author_Institution :
Dept. of Comput. Sci., Bowling Green
Volume :
3
fYear :
2006
fDate :
8-11 Oct. 2006
Firstpage :
2309
Lastpage :
2314
Abstract :
One critical threat facing many organizations is inside attacks from masqueraders: internal users or external intruders who exploit a legitimate user's identity and perform malicious attacks. Anomaly intrusion detection systems can be deployed to build a user behavior profile from his/her past activities in a computer system and detect masqueraders if a large deviation is observed. In this paper, we use a finite automata based model to construct a normal behavior reference model from the analysis of shell command sequences. A fuzzy evaluation mechanism is proposed to classify the degree of threat as linguistic terms. The fuzzy number calculated from the output of a fuzzy inference system is compared with predefined generalized fuzzy numbers representing different threat levels. A case is labeled with the linguistic term that has the highest similarity value with it. Experiments conducted on two data sets both achieved high detection rates of masqueraders and few false alarms, which stand out from other methods.
Keywords :
computational linguistics; finite automata; fuzzy logic; fuzzy reasoning; security of data; anomaly instruction detection; finite automata; fuzzy inference system; fuzzy logic; fuzzy number; legitimate user identity; malicious attacks; masquerader detection; normal behavior reference model; predefined linguistic term; security threat evaluation; shell command sequence; Automata; Computer science; Computer security; Cybernetics; Fuzzy logic; Fuzzy reasoning; Fuzzy sets; Fuzzy systems; Intrusion detection; Performance evaluation;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Systems, Man and Cybernetics, 2006. SMC '06. IEEE International Conference on
Conference_Location :
Taipei
Print_ISBN :
1-4244-0099-6
Electronic_ISBN :
1-4244-0100-3
Type :
conf
DOI :
10.1109/ICSMC.2006.385207
Filename :
4274213