IEEE Transactions on Software Engineering - Special issue on computer security and privacy
User Modeling and User-Adapted Interaction
Intrusion Detection through Behavioral Data
IDA '99 Proceedings of the Third International Symposium on Advances in Intelligent Data Analysis
Mining intrusion detection alarms for actionable knowledge
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
User re-authentication via mouse movements
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Identity verification through dynamic keystroke analysis
Intelligent Data Analysis
Principled reasoning and practical applications of alert fusion in intrusion detection systems
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Creating User Profiles from a Command-Line Interface: A Statistical Approach
UMAP '09 Proceedings of the 17th International Conference on User Modeling, Adaptation, and Personalization: formerly UM and AH
Automated stress detection using keystroke and linguistic features: An exploratory study
International Journal of Human-Computer Studies
A sense of self for Unix processes
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Intrusion detection through learning behavior model
Computer Communications
| Hi-index | 0.00 |
User models are generally created to personalise information or share user experiences among like-minded individuals An individual's characteristics are compared to those of some canonical user type, and the user included in various user groups accordingly Those user groups might be defined according to academic ability or recreational interests, but the aim is to include the user in relevant groups where appropriate The user model described here operates on the principle of exclusion, not inclusion, and its purpose is to detect atypical behaviour, seeing if a user falls outside a category, rather than inside one That is, it performs anomaly detection against either an individual user model or a typical user model Such a principle can be usefully applied in many ways, such as early detection of illness, or discovering students with learning issues In this paper, we apply the anomaly detection principle to the detection of intruders on a computer system masquerading as real users, by comparing the behaviour of the intruder with the expected behaviour of the user as characterised by their user model This behaviour is captured in characteristics such as typing habits, Web page usage and application usage An experimental intrusion detection system (IDS) was built with user models reflecting these characteristics, and it was found that comparison with a small number of key characteristics from a user model can very quickly detect anomalies and thus identify an intruder.