Bagging-RandomMiner: a one-class classifier for file access-based masquerade detection

Bibliographic Details
Published in Machine vision and applications Vol. 30; no. 5; pp. 959 - 974
Main Authors Camiña, José Benito, Medina-Pérez, Miguel Angel, Monroy, Raúl, Loyola-González, Octavio, Villanueva, Luis Angel Pereyra, Gurrola, Luis Carlos González
Format Journal Article
Language English
Published Berlin/Heidelberg Springer Berlin Heidelberg 01.07.2019
Springer Nature B.V
Summary: Dependence on personal computers has required the development of security mechanisms to protect the information stored in these devices. There have been different approaches to profile user behavior to protect information from a masquerade attack; one such recent approach is based on user file-access patterns. In this paper, we propose a novel classification ensemble for file access-based masquerade detection. We have successfully validated the hypothesis that a one-class classification approach to file access-based masquerade detection outperforms a multi-class one. In particular, our proposed one-class classifier significantly outperforms several state-of-the-art multi-class classifiers. Our results indicate that one-class classification attains better classification results, even when unknown attacks arise. Additionally, we introduce three new repositories of datasets for the identification of the three main types of attacks reported in the literature, where each training dataset contains no object belonging to the type of attack to be identified. These repositories can be used for testing future classifiers, simulating attacks carried out in a real scenario.
ISSN: 0932-8092, 1432-1769
DOI: 10.1007/s00138-018-0957-4