An Improved Semi-Global Alignment Algorithm for Masquerade Detection

10.6633/IJNS.201107.13(1).04

Adesina Simon Sodiya；Olusegun Folorunso；Saidat Adebukola Onashoga；Omoniyi Paul Ogunderu

Cross-semiglobal algorithm ； gaps scores ； masquerading ； sequence alignment ； semi-global algorithm

International Journal of Network Security

13卷1期（2011 / 07 / 01）

31 - 40

英文

Masquerading is a security attack in which an intruder assumes the identity of a legitimate user. Semi-global alignment algorithm has been the best of known dynamic sequence alignment algorithm for detecting masqueraders. Though, the algorithm proves better than any other pair-wise sequence alignment algorithms such as local and global alignment algorithms, however, the problem of false positive and false negative have not been reduced to the barest minimum. Many previous works on masquerade detection using sequence alignment have difficulty at choosing the scoring system on which the algorithms base their optimal scores on. Hence, they resolved to assuming (or picking) a set of scores which they referred to as a unique scoring function for their experiment. In this work, an improved semi-global alignment called Cross-semiglobal algorithm, is designed to improve the efficiency of masquerade detection. In the previous pair-wise algorithms, a fix value is always assumed as the gaps score. In Cross-semiglobal algorithm, the scoring function on which the algorithms based their scores is constructed from legitimate users’ sequence of commands. This principle was implemented using platform independent C/C++ frame- work. The designed was tested using a systematically generated ASCII coded sequence audit data from Windows and UNIX operating systems as simulations for standard non-intrusive and intrusion data. The result shows a reduction in false positive rate from 7.7% using semi-global alignment to 5.4% using cross-semiglobal. The detection efficiency was also improved by 7.7%.