Detecting the Abnormal: Machine Learning in Computer Security
Abstract
Two problems of importance in computer security are to 1) detect the presence of an intruder masquerading as the valid user and 2) detect the perpetration of abusive actions on the part of an otherwise innocuous user. In this paper we present a machine learning approach to anomaly detection, designed to handle these two problems. Our system learns a user profile for each user account and subsequently employs it to detect anomalous behavior in that account. Based on sequences of actions (UNIX commands) of the current user's input stream, the system compares each fixed-length input sequence with a historical library of the account's command sequences using a similarity measure...
Booktitle
Detecting the Abnormal: Machine Learning in Computer Security
Publication Date
2001-01-01
Contents
INTRODUCTION
LEARNING A USER PROFILE
DETECTING ANOMALOUS BEHAVIOR
EXPERIMENT 1: PROOF OF CONCEPT
EXPERIMENT 2: INSTANCE SELECTION
CONCLUSIONS AND FUTURE WORK
Keywords
application, learning from positive examples, sequence learning
Subject
Detecting the Abnormal: Machine Learning in Computer Security