Authors: Adesina Simon Sodiya, Olusegun Folorunso, Saidat Adebukola Onashoga, Omoniyi Paul Ogunderu
International Journal of Network Security, Vo1.12, No.3, PP.211-220, May 2011
Abstract
Masquerading is a security attack in which an intruder assumes the identity of a legitimate user. Semi-global alignment algorithm has been the best of known dynamic sequence alignment algorithm
for detecting masqueraders. Though, the algorithm proves better than any other pair-wise sequence alignment algorithms such as local and global alignment algorithms, however, the problem of false positive and false negative have not been reduced to the barest minimum. Many previous works on masquer-ade detection using sequence alignment have difficulty at choosing the scoring system on which the algorithms base their optimal scores on. Hence, they resolved to assum-ing (or picking) a set of scores which they referred to as a unique scoring function for their experiment. In this work, an improved semi-global alignment called Cross-semiglobal algorithm, is designed to improve the efficiency of masquerade detection. In the previous pair-wise algo-rithms, a fix value is always assumed as the gaps score. In Cross-semiglobal algorithm, the scoring function on which the algorithms based their scores is constructed from le-gitimate users’ sequence of commands. This principle was implemented using platform independent C/C++ frame-work. The designed was tested using a systematically gen-erated ASCII coded sequence audit data from Windows and UNIX operating systems as simulations for standard non-intrusive and intrusion data. The result shows a re-duction in false positive rate from 7.7% using semi-global alignment to 5.4% using cross-semiglobal. The detection efficiency was also improved by 7.7%.
Â