Avani Kothari

Publication Date

Spring 2012

Degree Type

Master's Project


Computer Science


A masquerader is an attacker who has obtained access to a legitimate user’s computer and is pretending to be that user. The masquerader’s goal is to conduct an attack while remaining undetected. Hidden Markov models (HMM) are well-known machine learning techniques that have been used successfully in a wide variety of fields, including speech recognition, malware detection, and intrusion detection systems. Previous research has shown that HMM trained on a user’s UNIX commands can provide an effective means of masquerade detection. Na ̈ Bayes is a simple classifier based on Bayes Theorem, ıve which relies on the command frequency. In this project we empirically test various masquerade mimicry strategies, that is, strategies for evading masquerade detection. We develop and analyze four distinct masquerade mimicry strategies and in each case, we give empirical results for their effectiveness at evading Na ̈ Bayes and ıve HMM-based masquerade detection.