Profiling users in GUI based systems for masquerade detection

Proceedings of the 2006 IEEE Workshop on Information Assurance

Volumn 2006, Issue , 2006, Pages 48-54

  Garg, Ashish ^a   Rahalkar, Ragini ^a   Upadhyaya, Shambhu ^a   Kwiat, Kevin ^b  

^a State University of New York   (United States)

^b AIR FORCE RESEARCH LABORATORY   (United States)

Author keywords

GUI based profiling; Intrusion detection; Masquerade detection

Indexed keywords

COMPUTER CRIME; DEMODULATION; LEARNING SYSTEMS; MICE (COMPUTER PERIPHERALS); MONITORING; NUMERICAL METHODS;

GUI BASED PROFILING; INTRUSION DETECTION; MASQUERADE DETECTION; SUPPORT VECTOR MACHINE (SVM);

GRAPHICAL USER INTERFACES;

EID: 33845948788     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (34)

1. "Cyber Security: A Crisis of Prioritization," February 2005. A Technical Report by President's Information Technology Advisory Committee (PITAC).
2. N. Cristianini and J. Shawe-Taylor, An Introduction to Support Vector Machines and other kernel-based learning methods. Cambridge University Press, 2000.
3. M. Schonlau, "Masquerading User Data," 1998. http://www.schonlau.net/intrusion.html.
4. D. E. Denning and P. G. Neumann, "Requirements and Model for IDES - A Real-time Intrusion Detection System," tech. rep., Computer Science Laboratory, SRI International, Menlo Park, CA, 1985.
5. T. Lane and C. E. Brodley, "An Application of Machine Learning to Anomaly Detection," in Proceedings of Twentieth National Information Systems Security Conference, vol. 1, (Gaithersburgh, MD), pp. 366-380, 1997. The National Institute of Standards and Technology and the National Computer Security Center.
6. T. Lane and C. Brodley, "Sequence Matching and Learning in Anomaly Detection for Computer Security," in Proceedings of AAAI-97 Workshop on AI Approaches to Fraud Detection and Risk Management, pp. 43-49, 1997.
7. T. Lane, "Hidden Markov Models for Human-computer interface modeling," in Proceedings of IJCAI-99 Workshop on Learning About Users, pp. 35-44, 1999.
8. M. Schonlau, W. DuMouchel, W.-H. Ju, A. F. Karr, and M. T. andY. Vardi, "Computer Intrusion: Detecting Masquerades," in Statistical Science, vol. 16, pp. 58-74, 2001.
9. R. A. Maxion and T. N. Townsend, "Masquerade Detection Using Truncated Command Lines," in Proceedings of International Conference on Dependable Systems and Networks (DSN '02), pp. 219-228, 2002.
10. R. A. Maxion, "Masquerade Detection Using Enriched Command Lines," in Proceedings of International Conference on Dependable Systems and Networks (DSN '03), (San Francisco, CA), June 2003.
11. K. Wang and S. J. Stolfo, "One Class Training for Masquerade Detection," in ICDM Workshop on Data Mining for Computer Security (DMSEC 03), 2003.
12. F. Monrose and A. Rubin, "Authentication via Keystroke Dynamics," in ACM Conference on Computer and Communications Security, pp. 48-56, 1997.
13. J. Shavlik, M. Shavlik, and M. Fahland, "Evaluating Software Sensors for Actively Profiling Windows 2000 Computer Users," in Fourth International Symposium on Recent Advances in Intrusion Detection, 2001.
14. J. Goecks and J. Shavlik, "Automatically Labeling Web Pages Based on Normal User Actions," in IJCAI Workshop on Machine Learning for Information Filtering, 1999.
15. M. Pusara and C. E. Brodley, "User re-authentication via mouse movements," in VizSEC/DMSEC '04: Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, (Washington DC, USA), pp. 1-8, 2004.
16. S. Hofmeyr, S. Forrest, and A. Somayaji, "Intrusion Detection Using Sequences of System Calls," Journal of Computer Security, vol. 6, no. 3, pp. 151-180, 1998.
17. W. Lee, S. Stolfo, and K. Mok, "A Data Mining Framework for Building Intrusion Detection Models," in IEEE Symposium on Security and Privacy, pp. 120-132, 1999.
18. S. Forrest, S. A. Hofmeyr, and A. Somayaji, "Computer Immunology," Communications of the ACM, vol. 40, no. 10, pp. 88-96, 1997.
19. C. Warrender, S. Forrest, and B. Pearlmutter, "Detecting Intrusions using System Calls: Alternative Data Models," in IEEE Symposium on Security and Privacy, (Oakland, CA), pp. 133-145, 1999.
20. K. Ilgun, R. Kemmerer, and P. Porras, "State Transition Analysis: A Rule-Based Intrusion Detection Approach," Software Engineering, vol. 21, no. 3, pp. 181-199, 1995.
21. Y. Li, N. Wu, S. Jajodia, and S. Wang, "Enhancing Profiles for Anomaly Detection Using Time Granularities," Journal of Computer Security, vol. 10, no. 1,2, pp. 137-157, 2002.
22. H. S. Javitz and A. Valdes, "The SRI IDES Statistical Anomaly Detector," in Proceedings of the IEEE Research in Security and Privacy, (Oakland, CA), pp. 316-376, MAY 1991.
23. A. Wespi, M. Dacier, and H. Debar, "Intrusion Detection Using Variable-Length Audit Trail Patterns," in Recent Advances in Intrusion Detection - Lecture Notes in Computer Science, vol. 1907, pp. 110-29, Springer-Verlag, 2000.
24. N. Ye, "A Markov Chain Model of Temporal Behavior for Anomaly Detection," in Proceedings of the 2000 IEEE Sys terns, Man, and Cybernetics Information Assurance and Security Workshop, pp. 171-174, 2000.
25. A. Ghosh, A. Schwartzbard, and M. Schatz, "Learning Program Behavior Profiles for Intrusion Detection," in First USENIX Workshop on Intrusion Detection and Network Monitoring, pp. 51-62, 1999.
26. K. Levitt, G. Ko, and G. Fink, "Automated Detection of Vulnerabilities in Privileged Programs by Execution Monitoring," in Computer Security Application Conference, 1994.
27. G. Marceau, "Characterizing the behavior of a program using multiple-length N-grams," in Proceedings of the 2000 workshop on New security paradigms, (Ballycotton, County Cork, Ireland), pp. 101-110, 2000.
28. C. Michael and A. Ghosh, "Using Finite Automata to Mine Execution Data for Intrusion Detection: A Preliminary Report," Lecture Notes in Computer Science, vol. 1907, 2000.
29. D. Wagner and D. Dean, "Intrusion Detection via Static Analysis," in IEEE Symposium on Security and Privacy, pp. 156-169, 2001.
30. M. Rajagopalan, S. Debray, M. Hiltunen, and R. Schlichting, "Profile-directed Optimization of Event-based Programs," in Proceedings of ACM SIGPLAN 2002, pp. 106-116, 2002.
31. H. Feng, O. Kolesnikov, P. Fogla, W. Lee, and W. Gong, "Anomaly Detection using Call Stack Information," in Proceedings of IEEE Symposium on Security and Privacy, (Oakland, California), May 2003.
32. T. Joachims, "Text Categorization with Support Vector Machines: Learning with many relevant features," in Proceedings of ECML-98, 10th European Conference on Machine Learning, no. 1398, pp. 137-142, Springer Verlag, Heidelberg, DE, 1998.
33. T. Joachims, "SVM light: Support Vector Machine," 2004. http://www.cs.cornell.edu/People/tj/svm.light/index.html.
34. V. N. Vapnik, The Nature of Statistical Learning Theory. Springer, 1995.