Modelling Dependencies Between Classifiers in Mobile Masquerader Detection

  • Oleksiy Mazhelis
  • Seppo Puuronen
  • Jari Veijalainen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3269)


The unauthorised use of mobile terminals may result in an abuse of sensitive information kept locally on the terminals or accessible over the network. Therefore, there is a need for security means capable of detecting the cases when the legitimate user of the terminal is substituted. The problem of user substitution detection is considered in the paper as a problem of classifying the behaviour of the person interacting with the terminal as originating from the user or someone else. Different aspects of behaviour are analysed by designated one-class classifiers whose classifications are subsequently combined. A modification of majority voting that takes into account some of the dependencies between individual classifiers is proposed as a scheme for combining one-class classifiers. It is hypothesised that by employing the proposed scheme, the classification accuracy may be improved as compared with the base majority voting scheme. The conducted experiments with synthetic data support this hypothesis.





Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Oleksiy Mazhelis (1)
  • Seppo Puuronen (1)
  • Jari Veijalainen (1)
  1. University of Jyväskylä, Jyväskylä, Finland
