Research Of Masquerade Detection System Based On Multiple Behaviors

Masquerade intrusion stands for attack by unauthorized users to obtainaccess to confidential data or conduct other illegal operation, which is alwayscategorized into two kinds: physical and remote masquerade intrusion. Inrecent years, as one significant part of Intrusion Detection System,masquerade detection has been arousing plenty of interest from both academiaand industry and meanwhile playing an important role in information securityengineering. Although a number of researchers have achieved feasiblemasquerade detection system, the current detection system suffers from thefollowing disadvantage: lack of diversity for behavioral features, neglect ofuser network-based behavior and absence of privacy preservation. To solvethe above problems, a user profile technique is innovatively proposed basedon multiple behaviors, with which two masquerade detection systems aredesigned and achieved, in order to respectively work with different scenarios.Firstly, a comprehensive user modeling technique is well proposed, whichis composed of host-based features and network-based features. In terms ofnetwork-based behavior, flow-based characteristics are used in the userprofiling model. The experimental results prove the rationality of the abovemodel.Secondly, a detection system based on AdaBoost-SVM algorithm ispresented, in order to deal with physical masquerade intrusion. Furthermore, aprivacy-preserving detection system is achieved to deal with remotemasquerade detection, in which fully homomorphic encryption and fuzzyhashing techniques are adopted.Besides, experiments have been conducted respectively on the above twosystems. The result tells that the two systems are well tailored to different scenarios. The first system has an ideal accuracy, which makes it a good fitfor corporate intranet while the second system, with its virtue of privacyprotection, is a fair match for Internet website. Security and feasibility forboth systems are well proved.In conclusion, a masquerade detection system based on multiple behaviorsis presented in this paper. Experiments with a real world dataset empiricallydemonstrate the promising feasibility and performance of the proposedmethod, which offers a strong technology support for the large-scaledeployment of masquerade detection system.