Towards an immunity-based system for detecting masqueraders

This paper proposes an immunity-based system for detecting masqueraders in UNIX-like systems. The system is based on the specificity and diversity of the immune system. In other words, the immunity-based system has a user-specific agent for every user, and makes use of multiple profiles, not a single profile. The use of multiple profiles can lead to an improvement in masquerader detection accuracy. In fact, the immunity-based method outperforms other two methods which was the best detection performance in the previous works. In addition, we propose an evaluation framework for the immunity-based masquerader detection system. The evaluation framework is capable of evaluating the differences in detection accuracy between internal and external masqueraders.