Indirect Human Computer Interaction-Based Biometrics for Intrusion Detection Systems

Indirect human computer interaction (HCI)-based biometrics are events obtained by monitoring users' HCI behavior indirectly, via observable low-level actions of computer software. These include records in audit logs, call-stack data, GUI interaction events, network traffic, registry access data, storage activity, and system calls. The user produces these low-level events unintentionally while interacting with different software applications in pursuit of some, potentially mischievous, high-level goals. This paper reviews and analyzes the indirect HCI-based biometrics frequently used in intrusion detection systems. We conclude with an experimental demonstration of an intrusion detection system based on network traffic analysis, as an example application of indirect HCI-based behavioral biometrics.
