Covariance matrix method based technique for masquerade detection

Abstract

In masquerade attack, the attacker access legitimate user's computer and impersonates that legitimate user. It can be the most serious form of computer abuse. Since masquerade detection is an anomaly based intrusion detection, a legitimate user profile is created and detection is done based on this user profile. In this paper, User profile is created from covariance matrices. A noticeable deviation from legitimate user profile is classified as masquerade attack. The work is done on the Schonlau dataset [1]. The experiment with attack features and legitimate features is conducted and it provides 100% accuracy rate for both attack data and legitimate data.