
Masquerade Detection Based Upon GUI User Profiling in Linux Systems

  • Conference paper
Advances in Computer Science – ASIAN 2007. Computer and Network Security (ASIAN 2007)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4846)


Abstract

A masquerade, or impersonation, attack is the act of gaining access to confidential data or greater access privileges while pretending to be a legitimate user. Detecting masquerade attacks is of great importance and is a non-trivial task in system security. These attacks are detected by monitoring significant changes in a user's behavior, based on his or her computer usage. Traditional detection mechanisms are based on command-line system events collected from log files. In a GUI-based system, most user activities are performed using either mouse movements and clicks or a combination of mouse movements and keystrokes. Command-line data cannot capture the complete GUI event behavior of users, so it is insufficient for detecting attacks in GUI-based systems. Presently, there is no framework available to capture GUI-based user behavior in Linux systems. We propose a novel approach to capturing GUI-based user behavior on Linux systems using our event logging tool. Our experimental results show that GUI-based user behavior can be used efficiently for masquerade attack detection, achieving high detection rates with fewer false positives. We applied a One-class SVM to the collected data, which requires training only on the user's own legitimate sessions to build the user's profile. Our results on GUI data using the One-class SVM give higher detection rates with fewer false positives than a Two-class SVM approach.




Editor information

Iliano Cervesato


Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bhukya, W.N., Kommuru, S.K., Negi, A. (2007). Masquerade Detection Based Upon GUI User Profiling in Linux Systems. In: Cervesato, I. (eds) Advances in Computer Science – ASIAN 2007. Computer and Network Security. ASIAN 2007. Lecture Notes in Computer Science, vol 4846. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76929-3_21


  • DOI: https://doi.org/10.1007/978-3-540-76929-3_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-76927-9

  • Online ISBN: 978-3-540-76929-3

  • eBook Packages: Computer Science, Computer Science (R0)
