Anomaly detection over user profiles for intrusion detection

Proceedings of the 8th Australian Information Security Management Conference

Volumn , Issue , 2010, Pages 81-94

  Pannell, Grant ^a   Ashman, Helen ^a  

^a UNIVERSITY OF SOUTH AUSTRALIA   (Australia)

Author keywords

Anomaly detection; Behavioural biometrics; Behavioural intrusion detection; User model

Indexed keywords

ANOMALY DETECTION; APPLICATION PERFORMANCE; DETECTION SYSTEM; HOST-BASED; INTRUSION DETECTION SYSTEMS; MULTIPLE CHARACTERISTICS; NETWORK ADMINISTRATOR; NETWORK TRAFFIC; USAGE PATTERNS; USER ACTIVITY; USER BEHAVIOUR; USER MODELS; USER PROFILE;

BIOMETRICS; INDUSTRIAL MANAGEMENT; INTRUSION DETECTION;

BEHAVIORAL RESEARCH;

EID: 84864544159     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (35)

1. Ahmed, A. A. E. & Traore, I. 2005, 'Anomaly intrusion detection based on biometrics,' in Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC, pp. 452-453. (Pubitemid 43948767)
2. Anderson, D., Frivold, T. & Valdes, A. 1995, 'Next-generation Intrusion Detection Expert (NIDES) A Summary,' SRI INTERNATIONAL Computer Science Laboratory.
3. Anderson, J. P. 1980, 'Computer Security Threat Monitoring and Surveillance,' James P. Anderson Company.
4. Balajinath, B. & Raghavan, S. V. 2001, 'Intrusion detection through learning behaviour model,' Computer Communications, vol. 24, no. 12, pp. 1202-1212. (Pubitemid 32610612)
5. Bergadano, F., Gunetti, D. & Picardi, C. 2003, 'Identity verification through dynamic keystroke analysis,' Intelligent Data Analysis, vol. 7, no. 5, pp. 469-496.
6. Boies, S. J. 1974, 'User Behaviour on an Interactive Computer System,' IBM Systems Journal, vol. 13, no. 1, pp. 2-18.
7. Cabrera, J. B. D., Lewis, L. & Mehra, R. K. 2001, 'Detection and classification of intrusions and faults using sequences of system calls,' SIGMOD Rec., vol. 30, no. 4, pp. 25-34.
8. Cheung, D. W., Kao, B. & Lee, J. 1998, 'Discovering user access patterns on the World Wide Web,' Knowledge-Based Systems, vol. 10, no. 7, pp. 463-470. (Pubitemid 128393685)
9. Cockburn, A. & McKenzie, B. 2001, 'What do web users do? An empirical analysis of web use,' International Journal of Human-Computer Studies, vol. 54, no. 6, pp. 903-922.
10. Denning, D. E. 1987, 'An Intrusion-Detection Model,' Software Engineering, IEEE Transactions on, vol. 13, no. 2, pp. 222-232.
11. Ellis, D. R., Aiken, J. G., Attwood, K. S. & Tenaglia, S. D. 2004, 'A behavioural approach to worm detection,' in Proceedings of the 2004 ACM workshop on Rapid malcode, ACM, Washington DC, USA, pp. 43-53.
12. Eugene, S. 2008, 'James P. Anderson: An Information Security Pioneer,' IEEE Security & Privacy, vol. 6, no. 1, pp. 9.
13. Forrest, S., Hofmeyr, S. A., Somayaji, A. & Longstaff, T. A. 1996, 'A sense of self for Unix processes,' in Security and Privacy, 1996. Proceedings., 1996 IEEE Symposium on, pp. 120-128.
14. Gu, G., Cardenas, A. A. & Lee, W. 2008, 'Principled reasoning and practical applications of alert fusion in intrusion detection systems,' in Proceedings of the 2008 ACM symposium on Information, computer and communications security, ACM, Tokyo, Japan, pp. 136-147.
15. Hofmeyr, S. A., Forrest, S. & Somayaji, A. 1998, 'Intrusion detection using sequences of system calls,' Journal of Computer Security, vol. 6, no. 3, pp. 151.
16. Imsand, E. S. & Hamilton, J. A. 2007, 'GUI Usage Analysis for Masquerade Detection,' in Information Assurance and Security Workshop, 2007. IAW '07. IEEE SMC, pp. 270-276.
17. Julisch, K. & Dacier, M. 2002, 'Mining intrusion detection alarms for actionable knowledge,' in Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, ACM, Edmonton, Alberta, Canada, pp. 366-375.
18. Lane, T. & Brodley, C. E. 1997, 'An Application of Machine Learning to Anomaly Detection,' in Proceedings of the 20th National Information Systems Security Conference, pp. 366-380.
19. Li, L., Sui, S. & Manikopoulos, C. N. 2006, 'Windows NT User Profiling for Masquerader Detection,' in Networking, Sensing and Control, 2006. ICNSC '06. Proceedings of the 2006 IEEE International Conference on, pp. 386-391. (Pubitemid 46900518)
20. Lindqvist, U. & Porras, P. A. 2001, 'eXpert-BSM: A Host-based Intrusion Detection Solution for Sun Solaris,' in 17th Annual Computer Security Applications Conference, IEEE Computer Society, New Orleans, Louisiana, pp. 2-40.
21. Leggett, J., Williams, G., Usnick, M. & Longnecker, M. 1991, 'Dynamic identity verification via keystroke characteristics,' International Journal of Man-Machine Studies, vol. 35, no. 6, pp. 859-870.
22. McKinney, S. & Reeves, D. S. 2009, 'User identification via process profiling: extended abstract,' in Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, ACM, Oak Ridge, Tennessee, pp. 1-4.
23. Doi: Monrose, F. & Rubin, A. 1997, 'Authentication via keystroke dynamics,' in Proceedings of the 4th ACM conference on Computer and communications security, ACM, Zurich, Switzerland, pp. 48-56.
24. Pannell, G. & Ashman, H. 2010, 'User Modelling for Exclusion and Anomaly Detection: A Behavioural Intrusion Detection System,' in 18th Intl. User Modeling, Adaptation, and Personalization, Springer, Berlin, pp. 207-218.
25. Pusara, M. & Brodley, C. E. 2004, 'User re-authentication via mouse movements,' in Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, ACM, Washington DC, USA, pp. 1-8. (Pubitemid 40821167)
26. Revett, K., Jahankhani, H., Magalhães, S. T. & Santos, H. M. D. 2008, 'A Survey of User Authentication Based on Mouse Dynamics,' in Global E-Security, 4th International Conference, ICGeS 2008, Springer, London, UK, pp. 210-219.
27. Revett, K. 2009, 'A bioinformatics based approach to user authentication via keystroke dynamics,' International Journal of Control, Automation and Systems, vol. 7, no. 1, pp. 7-15.
28. Shavlik, J. & Shavlik, M. 2004, 'Selection, combination, and evaluation of effective software sensors for detecting abnormal computer usage,' in Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining, ACM, Seattle, WA, USA, pp. 276-285. (Pubitemid 40114937)
29. Smaha, S. E. 1988, 'Haystack: an intrusion detection system,' in Aerospace Computer Security Applications Conference, 1988., Fourth, pp. 37-44.
30. Stolfo, S. J., Hershkop, S., Hu, C.-W., Li, W.-J., Nimeskern, O. & Wang, K. 2006, 'Behaviour-based modeling and its application to Email analysis,' ACM Trans. Internet Technol., vol. 6, no. 2, pp. 187-221. (Pubitemid 44222718)
31. Tan, K. 1995, 'The application of neural networks to UNIX computer security,' in Neural Networks, 1995. Proceedings., IEEE International Conference on, pp. 476-481.
32. Tauscher, L. & Greenberg, S. 1997, 'How people revisit web pages: emprical findings and implications for the design of history systems,' International Journal of Human Computer Studies, vol. 47, no. 1, pp. 97-138.
33. Umphress, D. & Williams, G. 1985, 'Identity verification through keyboard characteristics,' International Journal of Man Machine Studies, vol. 23, no. 3, pp. 263-273. (Pubitemid 16218123)
34. Vizer, L. M., Zhou, L. & Sears, A. 2009, 'Automated stress detection using keystroke and linguistic features: An exploratory study,' International Journal of Human-Computer Studies, vol. 67, no. 10, pp. 870-886.
35. Yampolskiy, R. V. & Govindaraju, V. 2008, 'Behavioural biometrics: a survey and classification,' Int. J. Biometrics, vol. 1, no. 1, pp. 81-113.