Scott Coull, Joel Branch, Boleslaw Szymanski
Rensselaer Polytechnic Institute
This paper addresses the problem of detecting masquerading, a security attack in which an intruder assumes the identity of a legitimate user. Many approaches based on Hidden Markov Models and various forms of Finite State Automata were proposed to solve this problem. The novelty of our approach results from application of techniques used in bioinformatics for a pair-wise sequence alignment to compare the monitored session with the past user behavior. Our algorithm uses a semi-global alignment and a unique scoring system to measure similarity between a sequence of commands produced by a potential intruder and the user signature, which is a sequence of commands collected from a legitimate user. We tested this algorithm on the standard intrusion data collection set. As discussed in the paper, the results of the test showed that the described algorithm yields a promising combination of intrusion detection rate and false positive rate, when compared to the published intrusion detection algorithms.
Keywords: Intrusion detection, sequence alignment, bioinformatics, masquerade detection, pattern matching
Read Paper (in PDF)