Computer Intrusion Detection Through Statistical Analysis and Prediction Modeling

Authors

Evangelista, Paul

Issue Date

2005

Type

Theses or dissertations

Keywords

Information Security, Computer Intrusion

Abstract

Information security is very important in today’s society. Computer intrusion is one type of security infraction that poses a threat to all of us. Almost every person in modern parts of the world depends upon automated information. Information systems deliver paychecks on time, manage taxes, transfer funds, deliver important information that enables decisions, and maintain situational awareness in many different ways. Interrupting, corrupting, or destroying this information is a real threat. Computer attackers, often posing as intruders masquerading as authentic users, are the nucleus of this threat. Preventive computer security measures often do not provide enough; digital firms need methods to detect attackers who have breached firewalls or other barriers. This thesis explores techniques to detect computer intruders based upon UNIX command usage of authentic users compared against command usage of attackers. The hypothesis is that the computing behavior of authentic users differs from the computing behavior of attackers. In order to explore this hypothesis, seven different variables that measure computing commands are created and utilized to perform predictive modeling to determine the presence or absence of an attacker. This is a classification problem that involves two known groups: intruders and non-intruders. Techniques explored include a proven algorithm published by Matthias Schonlau in [17] and several predictive model variations utilizing the aforementioned seven variables; predictive models include linear discrimination analysis, clustering, and kernel partial least squares learning machines.

Citation

Evangelista, Paul, "Computer Intrusion Detection Through Statistical Analysis and Prediction Modeling" (2005).

Publisher

Rensselaer Polytechnic Institute
