Identity authentication based on keystroke latencies
Communications of the ACM
Computer-Access Security Systems Using Keystroke Dynamics
IEEE Transactions on Pattern Analysis and Machine Intelligence
Masquerade Detection Using Truncated Command Lines
DSN '02 Proceedings of the 2002 International Conference on Dependable Systems and Networks
User re-authentication via mouse movements
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
RACOON: Rapidly Generating User Command Data For Anomaly Detection From Customizable Templates
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
User identification based on game-play activity patterns
Proceedings of the 6th ACM SIGCOMM workshop on Network and system support for games
Why did my detector do that?!: predicting keystroke-dynamics error rates
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Hybrid method for detecting masqueraders using session folding and hidden markov models
MICAI'06 Proceedings of the 5th Mexican international conference on Artificial Intelligence
Modeling user search behavior for masquerade detection
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
User authentication through typing biometrics features
IEEE Transactions on Signal Processing
Masquerade attacks based on user's profile
Journal of Systems and Software
Continual retraining of keystroke dynamics based authenticator
ICB'07 Proceedings of the 2007 international conference on Advances in Biometrics
Hi-index | 12.05 |
We introduce a new masquerade dataset, called Windows-Users and -Intruder simulations Logs (WUIL), which, unlike existing datasets, involves more faithful masquerade attempts. While building WUIL, we have worked under the hypothesis that the way in which a user navigates her file system structure can neatly separate a masquerade attack. Thus, departing from standard practice, we state that it is not a user action, but the object upon which the action is carried out what distinguishes user participation. We shall argue that this approach, based on file system navigation provides a richer means, and at a higher-level of abstraction, for building novel models for masquerade detection. We shall devote an important part of this paper to describe WUIL's content: what information about user activity is stored and how it is represented; prominent characteristics of the participant users; the kinds of masquerade attacks to be timely detected; and the way they have been simulated. We shall argue that WUIL provides reliable data for experimenting on close to real-life instances of masquerade detection, as well as for conducting fair comparisons on rival detection mechanisms, hoping it will be of use to the research community. As a side contribution of this paper, we use WUIL to conduct a simple comparison of two masquerade detection methods: one based on SVM, and the other based on KNN. While this comparison experiment is not central to the paper, we expect it to motivate research exploring deeper the masquerade detection problem, and spreading the use of WUIL. In a similar vein, we provide directions for further research, hinting on how to use the features contained in WUIL, and hoping others would find them appealing.