Abstract
The unauthorised use of mobile terminals may result in an abuse of sensitive information kept locally on the terminals or accessible over the network. Therefore, there is a need for security means capable of detecting the cases when the legitimate user of the terminal is substituted. The problem of user substitution detection is considered in the paper as a problem of classifying the behaviour of the person interacting with the terminal as originating from the user or someone else. Different aspects of behaviour are analysed by designated one-class classifiers whose classifications are subsequently combined. A modification of majority voting that takes into account some of the dependencies between individual classifiers is proposed as a scheme for combining one-class classifiers. It is hypothesised that by employing the proposed scheme, the classification accuracy may be improved as compared with the base majority voting scheme. The conducted experiments with synthetic data support this hypothesis.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Pointsec Mobile Technologies: Stolen PDAs provide open door to corporate networks. Pointsec News Letter 3, read 05.03.2004 (2003), Available from http://www.pointsec.com/news/newspressroom.asp
Straub, D.W., Welke, R.J.: Coping with systems risk: Security planning models for management decision making. MIS Quarterly 22, 441–469 (1998)
Anderson, D., Lunt, T., Javitz, H., Tamaru, A., Valdes, A.: Detecting unusual program behavior using the statistical components of NIDES. SRI Techincal Report SRI-CRL-95-06, Computer Science Laboratory, SRI International, Menlo Park, California (1995)
Schonlau, M., DuMouchel, W., Ju, W., Karr, A., Theus, M., Vardi, Y.: Computer intrusion: Detecting masquerades. Statistical Science 16, 58–74 (2001)
Seleznyov, A., Puuronen, S.: Using continuous user authentication to detect masqueraders. Information Management & Computer Security Journal 11, 139–145 (2003)
Lane, T., Brodley, C.E.: An empirical study of two approaches to sequence learning for anomaly detection. Machine Learning 51, 73–107 (2003)
Clarke, N.L., Furnell, S.M., Lines, B., Reynolds, P.L.: Keystroke dynamics on a mobile handset: A feasibility study. Information Management and Computer Security 11, 161–166 (2003)
Obaidat, M.S., Sadoun, B.: Verification of computer users using keystroke dynamics. IEEE Trans. Syst. Man, and Cybernet. Part B: Cybernet. 27, 261–269 (1997)
Samfat, D., Molva, R.: IDAMN: An intrusion detection architecture for mobile networks. IEEE Journal on Selected Areas in Communications 15, 1373–1380 (1997)
Hollmen, J.: User Profiling and Classification for Fraud Detection in Mobile Communications Networks. PhD thesis, Helsinki University of Technology (2000)
Tax, D.: One-class classification. Ph.D. thesis, Delft University of Technology (2001)
Xu, L., Krzyzak, A., Suen, C.Y.: Methods for combining multiple classifiers and their applications to handwriting recognition. IEEE Transactions on Systems, Man, and Cybernetics 22, 418–435 (1992)
Agrawal, R., Imielinski, T., Swami, A.N.: Mining association rules between sets of items in large databases. In: Buneman, P., Jajodia, S. (eds.) Proceedings of the 1993 ACM SIGMOD International Conference on Management of Data, New York, NY, USA, pp. 207–216. ACM Press, New York (1993)
Barbara, D., Couto, J., Jajodia, S., Wu, N.: ADAM: a testbed for exploring the use of data mining in intrusion detection. SIGMOD Rec. 30, 15–24 (2001)
Lee, W., Stolfo, S.J.: A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information and System Security (TISSEC) 3, 227–261 (2000)
Bishop, C.M.: Neural Networks for Pattern Recognition. Oxford University Press, Oxford (1995)
Ye, N., Emran, S.M., Chen, Q., Vilbert, S.: Multivariate statistical analysis of audit trails for host-based intrusion detection. IEEE Transactions on Computers 51, 810–820 (2002)
Javits, H., Valdes, A.: The SRI IDES statistical anomaly detector. In: IEEE Symposium of Research in Computer Security and Privacy, IEEE Computer Society Press, Los Alamitos (1991)
Wolpert, D.H.: Stacked generalization. Neural Networks 5, 241–259 (1992)
Egan, J.P.: Signal detection theory and ROC analysis. Academic Press, New York (1975)
Mazhelis, O.: Using meta-learning to reveal dependencies between errors in mobile user substitution detection. Computer science and information systems reports, working papers WP-39, University of Jyväskylä (2004)
Agrawal, R., Srikant, R.: Fast algorithms for mining association rules. In: Bocca, J.B., Jarke, M., Zaniolo, C. (eds.) Proc. 20th Int. Conf. Very Large Data Bases, VLDB, San Francisco, CA, USA, pp. 487–499. Morgan Kaufmann Publishers Inc., San Francisco (1994)
Bayardo Jr., R., Agrawal, R.: Mining the most interesting rules. In: Fayyad, U., Chaudhuri, S., Madigan, D. (eds.) Proceedings of the Fifth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, New York, NY, USA, pp. 145–154. ACM Press, New York (1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mazhelis, O., Puuronen, S., Veijalainen, J. (2004). Modelling Dependencies Between Classifiers in Mobile Masquerader Detection. In: Lopez, J., Qing, S., Okamoto, E. (eds) Information and Communications Security. ICICS 2004. Lecture Notes in Computer Science, vol 3269. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30191-2_25
Download citation
DOI: https://doi.org/10.1007/978-3-540-30191-2_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23563-7
Online ISBN: 978-3-540-30191-2
eBook Packages: Springer Book Archive