Misfeasor classification and detection models using machine learning techniques

Nesrine Sameh, Neamat El Gayar, Nahswa Abdel-Baki

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Misfeasors (or insiders) are considered among the most difficult intruders to detect because of their knowledge and authorization within the organization. Machine learning techniques have been widely used for intrusion detection, but little work has addressed the use of machine learning for detecting and classifying different types of insiders. The aim of this study is to exploit different recognition models for misfeasor detection by adding the MAC address as a feature in classification. Three different recognition models (a Rule Based Model, a Hierarchical Classification Model and a Composite Feature Model) are proposed. The models differ mainly in the amount of prior knowledge required for the problem and hence in how training data is used to construct them. The Rule Based Model uses explicit domain classification rules given by an expert to detect insiders. The Hierarchical Classification Model uses some domain-specific knowledge to manufacture the training data in order to construct the hierarchy in the recognition model. The Composite Feature Model, on the other hand, attempts to discover classification rules directly from the training data without any prior knowledge. All three proposed classification models are tested on two benchmark data sets and evaluated using different performance measures. Results for the different models are presented and compared for several classification techniques. Experiments reveal that using machine learning at different levels in the proposed models yields a good approximation of the classification rules for the problem of misfeasor detection.

Original language: English
Title of host publication: Proceedings of the IADIS International Conference Intelligent Systems and Agents 2010 and European Conference Data Mining 2010
Publisher: IADIS Press
Pages: 51-58
Number of pages: 8
ISBN (Print): 9789728939236
Publication status: Published - 2010
Event: IADIS International Conference Intelligent Systems and Agents 2010 part of the IADIS Multi Conference on Computer Science and Information Systems 2010 - Freiburg, Germany
Duration: 28 Jul 2010 to 31 Jul 2010

Conference

Conference: IADIS International Conference Intelligent Systems and Agents 2010 part of the IADIS Multi Conference on Computer Science and Information Systems 2010
Country: Germany
City: Freiburg
Period: 28/07/10 to 31/07/10

Keywords

  • Intrusion detection
  • MAC address
  • Machine learning
  • Masqueraders
  • Misfeasors

ASJC Scopus subject areas

  • Artificial Intelligence
  • Information Systems
  • Software

Cite this

Sameh, N., El Gayar, N., & Abdel-Baki, N. (2010). Misfeasor classification and detection models using machine learning techniques. In Proceedings of the IADIS International Conference Intelligent Systems and Agents 2010 and European Conference Data Mining 2010 (pp. 51-58). IADIS Press.