Abstract

To gain access to account privileges, an intruder masquerades as the proper account user. Information from user feedback helps to improve the accuracy of classifiers used for detecting masquerades. Instead of operating in isolation, the online sequential classifier can request feedback from the user. In the full-feedback policy, the classifier verifies every session; in the feedback-on-alarm policy, the classifier confirms only suspicious sessions. Surprisingly, confirming only a few sessions under the feedback-on-alarm policy is enough to be competitive with verifying all sessions under the full-feedback policy. Experiments on a standard artificial dataset demonstrate that the naive-Bayes classifier boosted by the feedback-on-alarm policy beats the previous best-performing detector and reduces the number of missing alarms by 30%.

Links

• Zhou et al., 2003

Citation

Yung, K.H., 2003. Using Feedback to Improve Masquerade Detection, in: Zhou, J., Yung, M., Han, Y. (Eds.), Applied Cryptography and Network Security, Lecture Notes in Computer Science. Springer Berlin Heidelberg, Berlin, Heidelberg, pp. 48–62. https://doi.org/10.1007/978-3-540-45203-4_4