Title :
Dynamic model selection with its applications to computer security
Author :
Maruyama, Yuko ; Yamanishi, Kenji
Author_Institution :
NEC Corp., Kanagawa, Japan
Abstract :
In recent years there has been increased interest in detecting anomalies in network traffic data/audit logs for computer security. With the appearance of a masquerader, for example, any new anomalous behavior pattern may be observed in command line data, and it is an important issue to detect the emergence of such a pattern as early as possible. This paper addresses this issue of anomaly detection by dynamically selecting statistical models from data. Our goal is here not to select a single model over the data as in conventional statistical model selection, but to select a time series of optimal models efficiently, assuming that the true model may change over time. We call this approach dynamic model selection. We first propose a coding-theoretic criterion for dynamic model selection. Next, we propose two dynamic model selection algorithms attaining the minimum of the criteria and analyze their performance. Finally we demonstrate the validity of our algorithms through real application to masquerade detection using UNIX command sequences.
Keywords :
Unix; computer network management; encoding; sequences; telecommunication security; time series; UNIX command sequences; anomaly detection; coding-theoretic criterion; computer security; dynamic model selection; masquerade detection; optimal models; performance; statistical models; time series; Algorithm design and analysis; Application software; Change detection algorithms; Computer security; Electronic mail; Intrusion detection; National electric code; Performance analysis; Telecommunication traffic; Traffic control;
Conference_Title :
Information Theory Workshop, 2004. IEEE
Print_ISBN :
0-7803-8720-1
DOI :
10.1109/ITW.2004.1405279