Masquerade Detection System Based on Principal Component Analysis and Radial Basics Function

  • Zhanchun Li
  • Zhitang Li
  • Yao Li
  • Bin Liu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3802)


This article presents a masquerade detection system based on principal component analysis (PCA) and radial basics function (RBF) neural network. The system first creates a profile defining a normal user’s behavior, and then compares the similarity of a current behavior with the created profile to decide whether the input instance is valid user or masquerader. In order to avoid overfitting and reduce the computational burden, user behavior principal features are extracted by the PCA method. RBF neural network is used to distinguish valid user or masquerader after training procedure has been completed by unsupervised learning and supervised learning. In the experiments for performance evaluation the system achieved a correct detection rate equal to 74.6% and a false detection rate equal to 2.9%, which is consistent with the best results reports in the literature for the same data set and testing paradigm.


Radial Basic Function Hide Node Radial Basic Function Neural Network Cooccurrence Matrix False Detection Rate 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Maxion, R.A., Townsend, T.N.: Masquerade detection using truncated command lines. In: Proceedings of the 2002 International Conference on Dependable Systems and Networks DNS 2002, Washington, D.C., United States, June 23-26. IEEE Computer Society, Los Alamitos (2002)Google Scholar
  2. 2.
    Maxion, R.A.: Masquerade Detection Using Enriched Command Lines. In: International Conference on Dependable Systems and Networks, San Francisco, CA, United States, June 22-25, Institute of Electrical and Electronics Engineers Computer Society (2003)Google Scholar
  3. 3.
    Schonlau, M., Theus, M.: Detecting masquerades in intrusion detection based on unpopular commands. Information Processing Letters 76(1-2), 33–38 (2000)CrossRefGoogle Scholar
  4. 4.
    Schonlau, M., et al.: Computer Intrusion: Detecting Masquerades. Statistical Science 16(1), 58–74 (2001)zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Yung, K.H.: Using self-consistent naive-Bayes to detect masquerades. In: 8th Pacific-Asia Conference, PAKDD 2004, Sydney, Australia, May 26-28. Springer, Heidelberg (2004)Google Scholar
  6. 6.
    Kim, H.-S., Cha, S.-D.: Efficient masquerade detection using SVM based on common command frequency in sliding windows. IEICE Transactions on Information and Systems E87-D(11), 2446–2452 (2004)Google Scholar
  7. 7.
    Kim, H.-S., Cha, S.-D.: Empirical evaluation of SVM-based masquerade detection using UNIX commands. Computers and Security 24(2), 160–168 (2005)CrossRefGoogle Scholar
  8. 8.
    Seleznyov, A., Puuronen, S.: Using continuous user authentication to detect masqueraders. Information Management and Computer Security 11(2-3), 139–145 (2003)Google Scholar
  9. 9.
    Okamoto, T., Watanabe, T., Ishida, Y.: Towards an immunity-based system for detecting masqueraders. In: Palade, V., Howlett, R.J., Jain, L. (eds.) KES 2003. LNCS, vol. 2773. Springer, Heidelberg (2003)Google Scholar
  10. 10.
    Oka, M., et al.: Anomaly Detection Using Layered Networks Based on Eigen Co-occurrence Matrix. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol. 3224, pp. 223–237. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Zhanchun Li
    • 1
  • Zhitang Li
    • 1
  • Yao Li
    • 1
  • Bin Liu
    • 1
  1. 1.Network and Computer CenterHuazhong University of Science and TechnologyWuhanChina

Personalised recommendations