USim: A User Behavior Simulation Framework for Training and Testing IDSes in GUI Based Systems

Authors:
A. Garg;S. Vidyaraman;S. Upadhyaya;K. Kwiat
Affiliations:
SUNY at Buffalo;SUNY at Buffalo;SUNY at Buffalo;Air Force Research Laboratory
Venue:
ANSS '06 Proceedings of the 39th annual Symposium on Simulation
Year:
2006

Citing 8
Cited 2

Structuring and visualising the WWW by generalised similarity analysis

HYPERTEXT '97 Proceedings of the eighth ACM conference on Hypertext
Network simulations with OPNET

Proceedings of the 31st conference on Winter simulation: Simulation---a bridge to the future - Volume 1
Using simulation for manufacturing process reengineering: a practical case study

Proceedings of the 32nd conference on Winter simulation
A virtual environment for simulating manufacturing operations in 3D

Proceedings of the 33nd conference on Winter simulation
Masquerade Detection Using Truncated Command Lines

DSN '02 Proceedings of the 2002 International Conference on Dependable Systems and Networks
Synthesizing Test Data for Fraud Detection Systems

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
RACOON: Rapidly Generating User Command Data For Anomaly Detection From Customizable Templates

ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Behavior profiling of email

ISI'03 Proceedings of the 1st NSF/NIJ conference on Intelligence and security informatics

Strategy-based behavioural biometrics: a novel approach to automated identification

International Journal of Computer Applications in Technology
Generating client workloads and high-fidelity network traffic for controllable, repeatable experiments in computer security

RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection

Quantified Score

Hi-index	0.00

Visualization

Abstract

Anomaly detection systems largely depend on user profile data to be able to detect deviations from normal activity. Most of this profile data is currently based on command-line instructions/directives executed by users on a system. With the advent and extensive usage of graphical user interfaces (GUIs), command-line data can no longer fully represent user's complete behavior which is essential for effectively detecting the anomalies in these GUI based systems. Collection of user behavior data is a slow and time consuming process. In this paper, we present a new approach to automate the generation of user data by parameterizing user behavior in terms of user intention (malicious/normal), user skill level, set of applications installed on a machine, mouse movement and keyboard activity. The user behavior parameters are used to generate templates, which can be further customized. The framework is called USim which can achieve rapid generation of user behavior data based on these templates for GUI based systems. The data thus generated can be utilized for rapidly training and testing intrusion detection systems (IDSes) and improving their detection precision