Optimized Naive-Bayes Detection System

A Masquerader is a malicious user who tries to gain access or control of a system from a proper user. The objective of this thesis is to increase the accuracy of the existing Nave-Bayes Algorithm for detecting Masquerade attempts. We have an Online and an Offline classifier. The Classifier used in our experiments is the Nave-Bayes Classifier. Although the dataset is being learned by the Online and the Offline classifier simultaneously, the online classifier makes an instantaneous decision whereas the Offline makes it after a specified span of time. We try to increase the accuracy of the detection system by increasing the number of parameters within the dataset and also by the introduction of a Toggling factor between the Online and the Offline classifiers. The Nave-Bayes classifier builds a proper user model and an improper model from the training dataset. The Test sessions are classified against these models. The E-M Algorithm was used to generate a probabilistic score for the unidentified sessions in the testing phase. The dataset was prepared from the log files of different users that logged into the Computer Science Administrative Server (a.cs.okstate.edu) for Oklahoma State University. Experimental results demonstrate that the Online & Offline classifier with commands and the extra parameter namely the CPU time outperformed the Online & Offline classifier with commands in terms of both the false alarm rate and the hit rate.Computer Science Departmen