Towards building a masquerade detection method based on user file system navigation

  • Authors:

  • Benito Camiña;Raúl Monroy;Luis A. Trejo;Erika Sánchez

  • Affiliations:

  • Computer Science Department, Tecnológico de Monterrey — Campus Estado de México, Estado de México, México;Computer Science Department, Tecnológico de Monterrey — Campus Estado de México, Estado de México, México;Computer Science Department, Tecnológico de Monterrey — Campus Estado de México, Estado de México, México;Computer Science Department, Tecnológico de Monterrey — Campus Estado de México, Estado de México, México

  • Venue:
  • MICAI'11 Proceedings of the 10th Mexican international conference on Advances in Artificial Intelligence - Volume Part I
  • Year:
  • 2011

Quantified Score

Hi-index 0.00

Visualization

Abstract

Given that information is an extremely valuable asset, it is vital to timely detect whether one's computer (session) is being illegally seized by a masquerader. Masquerade detection has been actively studied for more than a decade, especially after the seminal work of Schonlau's group, who suggested that, to profile a user, one should model the history of the commands she would enter into a UNIX session. Schonlau's group have yielded a masquerade dataset, which has been the standard for comparing masquerade detection methods. However, the performance of these methods is not conclusive, and, as a result, research on masquerade detection has resorted to other sources of information for profiling user behaviour. In this paper, we show how to build an accurate user profile by looking into how the user structures her own file system and how she navigates such structure. While preliminary, our results are encouraging and suggest a number of ways in which new methods can be constructed.