Anomaly Detection over User Profiles for Intrusion Detection

Authors: Grant Pannell, Helen Ashman

DOI: 10.4225/75/57B6744D34782

Keywords: User modeling; Data mining; Profiling (information science); User profile; Anomaly-based intrusion detection system; Anomaly detection; Computer network; Computer science; Intrusion prevention system; Intrusion detection system

Abstract: Intrusion detection systems (IDS) have often been used to analyse network traffic to help administrators quickly identify and respond to intrusions. These generally operate over the entire network, identifying “anomalies” atypical of the network’s normal collective user activities. We show that anomaly detection could also be host-based, so that the usage patterns of an individual user could be profiled. This enables the detection of masquerading intruders by comparing a learned profile against the current session’s profile. A prototype behavioural IDS applies the concept of anomaly detection to user behaviour and compares the effects of using multiple characteristics to profile users. Behaviour captured within the system consists of application usage, performance (CPU and memory), the websites a user visits, the number of windows a user has open, and their typing habits. The results show that such a system is entirely feasible, that characteristics physically related to the user are more relevant to profiling, and that a combination of characteristics can significantly decrease the time taken to detect an intruder.
