Abstract

In computer security, masquerade detection is a special type of intrusion detection problem. Effective and early intrusion detection is a crucial factor for computer security. Although considerable work has been focused on masquerade detection for more than a decade, achieving a high level of accuracy and a comparatively low false alarm rate is still a big challenge. In this paper, we present a comprehensive empirical study in the area of anomaly-based masquerade detection using three deep learning models, namely, Deep Neural Networks (DNN), Long Short-Term Memory Recurrent Neural Networks (LSTM-RNN), and Convolutional Neural Networks (CNN). In order to surpass previous studies on this subject, we used three UNIX command line-based datasets, with six variant data configurations implemented from them. Furthermore, static and dynamic masquerade detection approaches were utilized in this study. In the static approach, DNN and LSTM-RNN models are used along with a Particle Swarm Optimization-based algorithm for selecting their hyperparameters. In the dynamic approach, on the other hand, a CNN model is employed. Moreover, twelve well-known evaluation metrics are used to assess model performance in each of the data configurations. Finally, intensive quantitative and ROC curve analyses of the results are provided at the end of this paper. The results not only show that deep learning models outperform all traditional machine learning methods in the literature but also prove their ability to enhance masquerade detection on the used datasets significantly.

Highlights

  • In the computer security domain, a masquerader is defined as an intruder seeking to mimic a genuine client

  • We presented an extensive empirical study for masquerade detection using Deep Neural Networks (DNN), Long Short-Term Memory (LSTM)-Recurrent Neural Networks (RNN), and Convolutional Neural Networks (CNN) models

  • The static approach is performed using DNN and LSTM-RNN models, which are applied to data configurations with static numeric features, and the dynamic approach is performed using a CNN model that extracts features dynamically from users’ command text files


Summary

Introduction

A masquerader is defined as an intruder seeking to mimic a genuine client. A masquerade attack takes place when a masquerader gets unauthorized access to a legitimate user’s information by using that user’s legitimate access credentials. These attacks are considered to be among the most serious threats to computer security. Anomaly-based detection can be used for either known or unknown masquerade attacks. This advantage makes the anomaly-based detection approach popular, and a vast number of prior studies have been published on this topic in the last decade [2]. Many anomaly-based detection techniques are in use, but among them, machine learning methods are the most commonly used approaches due to their ability to learn from data and distinguish between normal and malicious users [3].
