An SVM-Based Masquerade Detection Method with Online Update Using Co-occurrence Matrix

  • Liangwen Chen
  • Masayoshi Aritsugi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4064)


It is required to realize practically useful masquerade detection for secure environments. In this paper, we propose a new masquerade detection method, which is based on support vector machine and using co-occurrence matrix. Our method can be performed with low cost and achieve good detection rate. We also consider online update for adapting to changes of modeled users’ behaviors. We report some experimental results showing our method would be able to work well in real situations.


False Positive Rate Intrusion Detection Command Sequence Good Detection Rate UNIX Command 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Schonlau, M., DuMouchel, W., Ju, W.H., Karr, A.F., Theus, M., Vardi, Y.: Computer intrusion: Detecting masquerades. Statistical Science 16(1), 58–74 (2001)MATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Maxion, R.A., Townsend, T.N.: Masquerade detection using truncated command lines. In: Proceedings of the 2002 International Conference on Dependable Systems and Networks, pp. 219–228 (2002)Google Scholar
  3. 3.
    Kim, H.S., Cha, S.D.: Empirical evaluation of SVM-based masquerade detection using UNIX commands. Computers & Security 24(2), 160–168 (2005)CrossRefGoogle Scholar
  4. 4.
    Oka, M., Oyama, Y., Abe, H., Kato, K.: Anomaly Detection Using Layered Networks Based on Eigen Co-occurrence Matrix. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol. 3224, pp. 223–237. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Ye, N., Li, X., Chen, Q., Emran, S.M., Xu, M.: Probabilistic techniques for intrusion detection based on computer audit data. IEEE Transactions on Systems, Man, and Cybernetics – Part A: Systems and Humans 31(4), 266–274 (2001)CrossRefGoogle Scholar
  6. 6.
    Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. Journal of Computer Security 6(3), 151–180 (1998)Google Scholar
  7. 7.
    Lee, W., Stolfo, S.J.: A framework for constructing features and models for intrusion detection systems. ACM Trans. Inf. Syst. Secur. 3(4), 227–261 (2000)CrossRefGoogle Scholar
  8. 8.
    Fugate, M., Gattiker, J.R.: Anomaly Detection Enhanced Classification in Computer Intrusion Detection. In: Lee, S.-W., Verri, A. (eds.) SVM 2002. LNCS, vol. 2388, pp. 186–197. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  9. 9.
    Zhang, Z., Shen, H.: Application of online-training SVMs for real-time intrusion detection with different considerations. Computer Communications 28(12), 1428–1442 (2005)CrossRefGoogle Scholar
  10. 10.
    Joachims, T.: Making large-scale svm learning practical. In: Schölkopf, B., Burges, C.J.C., Smola, A.J. (eds.) Advances in Kernel Methods: Support Vector Learning. MIT Press, Cambridge (1998)Google Scholar
  11. 11.
    Chang, C.C., Lin, C.J.: LIBSVM: a library for support vector machines (2005), Software available at:

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Liangwen Chen
    • 1
  • Masayoshi Aritsugi
    • 1
  1. 1.Department of Computer Science, Faculty of EngineeringGunma UniversityKiryuJapan

Personalised recommendations