A hybrid approach to masquerade detection
Masquerade attack, which occurs when an intruder assumes the identity of a legitimate user, has become a serious security challenge to several organizations. Several algorithms have been proposed to tackle this attack and sequence alignment algorithms are the most widely proposed by researchers. The general approach in sequence alignment algorithm is to create user models by analyzing past usage patterns of legitimate users and comparing them with the current session. Many algorithms in use today are still quite not efficient because they have low hit ratio and they do not excellently combine the jobs of both detecting and comparing patterns. In this work, a hybrid approach that combined Naïve Bayes and Semi-Global alignment (Nab-Sem) for efficient masquerade detection is proposed. The purpose of this work is to separate the user modeling and session comparing tasks for better performance. Naïve Bayes was used to recognize patterns in the users’ blocks and Semi-global alignment was used to compare a test block to the user generated pattern. This work was implemented using Microsoft Visual C# and tested using a systematically generated ASCII coded sequence used to represent simulations for standard intrusion and non-intrusion data. The result shows an increase in the detection accuracy from 66.2% using Naïve Bayes, 68.2% using Semiglobal alignment to 93% using Nab-Sem. This reveals an improved approach to masquerade detection.
Keywords: Masquerade attack, Sequence alignment, Intrusion, Semi-global alignment, Pattern marching.