Abstract
The ability to identify collusive malicious behavior is critical in today's security environment. We pose the general problem of Collusion Set Detection (CSD): identifying sets of behavior that together satisfy some notion of "interesting behavior". For this paper, we focus on a subset of the problem (called CSD′), by restricting our attention only to outliers. In the process of proposing the solution, we make the following novel research contributions: First, we propose a suitable distance metric, called the collusion distance metric, and formally prove that it indeed is a distance metric. We propose a collusion distance based outlier detection (CDB) algorithm that is capable of identifying the causal dimensions (n) responsible for the outlierness, and demonstrate that it improves both precision and recall, when compared to the Euclidean based outlier detection. Second, we propose a solution to the CSD′ problem, which relies on the semantic relationships among the causal dimensions.
Original language | English (US) |
---|---|
Pages (from-to) | 1-13 |
Number of pages | 13 |
Journal | Lecture Notes in Computer Science |
Volume | 3495 |
DOIs | |
State | Published - 2005 |
Event | IEEE International Conference on Intelligence and Security Informatics, ISI 2005 - Atlanta, GA, United States Duration: May 19 2005 → May 20 2005 |
All Science Journal Classification (ASJC) codes
- Theoretical Computer Science
- General Computer Science