Abstract
In this paper, we present a detection technique based on Bayes Decision Rule to identify a group of especially harmful insider attackers - masqueraders. In this technique, we exploit the calling patterns demonstrated by mobile users in mobile cellular networks. Specifically, we formulate the intrusion detection problem as a multi-feature two-class pattern classification problem. Call Duration Time, Call Inactivity Period and Call Destination are extracted to form a feature vector to reflect users' calling activities. A nonparametric technique, Parzen Window approach with a Gaussian kernel, is used to estimate the smooth class-conditional probability density function. A Bayes Decision Rule is applied in order to achieve the minimum error rate. Using users' calling activities to demonstrate different behaviors, we carried out simulations to evaluate the proposed scheme in terms of false positive rate and detection rate.