Skip to Main Content
We address the problem of detecting masquerading, a security attack in which an intruder assumes the identity of a legitimate user. Many approaches based on hidden Markov models and various forms of finite state automata have been proposed to solve this problem. The novelty of our approach results from the application of techniques used in bioinformatics for a pair-wise sequence alignment to compare the monitored session with past user behavior. Our algorithm uses a semiglobal alignment and a unique scoring system to measure similarity between a sequence of commands produced by a potential intruder and the user signature, which is a sequence of commands collected from a legitimate user. We tested this algorithm on the standard intrusion data collection set. As discussed, the results of the test showed that the described algorithm yields a promising combination of intrusion detection rate and false positive rate, when compared to published intrusion detection algorithms.
Date of Conference: 8-12 Dec. 2003