Akademik Veri Yönetim Sistemi
INTERNATIONAL JOURNAL OF INFORMATION SECURITY, cilt.13, sa.6, ss.583-590, 2014 (SCI-Expanded)
Although there are many approaches proposed for masquerade detection in the literature, few of them consider concept drift; the problem of distinguishing malicious behaviours from the natural change in user behaviours. Researchers mainly focus on updating user behaviours for adapting concept drift in masquerade detection. However, these approaches rely on the accuracy of the detector and do not take into account malicious instances which are erroneously added to the updating scheme. In this study, we show that conventional approaches based on instance selection are affected dramatically when misclassified intrusive data are added to the training data. Therefore, we propose a new approach based on instance weighting which updates user behaviours gradually according to the weights assigned to each instance, regardless of them being malicious or nonmalicious. The results show that the proposed approach outperforms the other updating schemes in the literature, where the malicious instances are more than 5% of the benign instances in the updating, which is very likely to happen due to the high miss rate of the existing detectors.