GroupLens: an open architecture for collaborative filtering of netnews
CSCW '94 Proceedings of the 1994 ACM conference on Computer supported cooperative work
DEMIDS: a misuse detection system for database systems
Integrity and internal control information systems
Item-based collaborative filtering recommendation algorithms
Proceedings of the 10th international conference on World Wide Web
Information Retrieval: Algorithms and Heuristics
Information Retrieval: Algorithms and Heuristics
Enemy at the gate: threats to information security
Communications of the ACM - Program compaction
Misuse detection for information retrieval systems
CIKM '03 Proceedings of the twelfth international conference on Information and knowledge management
Tracking changes in user interests with a few relevance judgments
CIKM '03 Proceedings of the twelfth international conference on Information and knowledge management
Using relevance feedback to detect misuse for information retrieval systems
Proceedings of the thirteenth ACM international conference on Information and knowledge management
On off-topic access detection in information systems
Proceedings of the 14th ACM international conference on Information and knowledge management
Contextual relevance feedback in web information retrieval
IIiX Proceedings of the 1st international conference on Information interaction in context
Improving classification based off-topic search detection via category relationships
Proceedings of the 2009 ACM symposium on Applied Computing
ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
Detecting misuse of information retrieval systems using data mining techniques
ISI'05 Proceedings of the 2005 IEEE international conference on Intelligence and Security Informatics
Hi-index | 0.01 |
Misuse is the abuse of privileges by an authorized user and is the second most common form of computer crime after viruses. Earlier we proposed a misuse detection approach for information retrieval systems that relied on relevance feedback. The central idea focused on the building of a user profile containing both query and feedback terms from prior queries. Our algorithm matched new activities to existing profiles and assigned a likelihood of misuse to an activity. Only initial evaluation was provided.We now expand and evaluate our system using both short and long queries noting the effect of query length in the accuracy of the detection. The results indicate an overall precision of 83.9% when short queries are used, and 82.2% for long queries. The rate of the undetected misuse for short queries is less than 2% and for long queries less than 6%. Although higher precision score configurations result in a lower false alarm rate, unfortunately, they increase the rate of undetected misuse both for short and long queries. Given this tradeoff, for any particular application constraint, system behavior can be tuned to minimize either false alarms or undetected misuse.