Proximity User Identification Using Correlogram

This paper represents a technique, applying user action patterns in order to distinguish between users and identify them. In this method, users’ actions sequences are mapped to numerical sequences and each user’s profile is generated using autocorrelation values. Next, cross-correlation is used to compare user profiles with a test data. To evaluate our proposed method, a dataset known as Greenberg’s dataset is used. The presented approach is succeeded to detect the correct user with as high as 82.3% accuracy over a set of 52 users. In comparison to the existing methods based on Hidden Markov Model or Neural Networks, our method needs less computation time and space. In addition, it has the ability of getting updated iteratively which is a main factor to facilitate transferability.

[1]  Barak A. Pearlmutter,et al.  Detecting intrusions using system calls: alternative data models , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[2]  Salvatore J. Stolfo,et al.  Modeling system calls for intrusion detection with dynamic window sizes , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[3]  Harold S. Javitz,et al.  The NIDES Statistical Component Description and Justification , 1994 .

[4]  Leonid Portnoy,et al.  Intrusion detection with unlabeled data using clustering , 2000 .

[5]  Marco Botta,et al.  Learning Profiles Based on Hierarchical Hidden Markov Model , 2005, ISMIS.

[6]  Saul Greenberg,et al.  USING UNIX: COLLECTED TRACES OF 168 USERS , 1988 .

[7]  Shusaku Tsumoto,et al.  Foundations of Intelligent Systems, 15th International Symposium, ISMIS 2005, Saratoga Springs, NY, USA, May 25-28, 2005, Proceedings , 2005, ISMIS.

[8]  Hans-Peter Kriegel,et al.  LOF: identifying density-based local outliers , 2000, SIGMOD '00.

[9]  Raymond T. Ng,et al.  Finding Intensional Knowledge of Distance-Based Outliers , 1999, VLDB.

[10]  Terran Lane,et al.  Models and Model Biases for Automatically Learning Task Switching Behavior , 2005 .

[11]  Salvatore J. Stolfo,et al.  Data Mining Approaches for Intrusion Detection , 1998, USENIX Security Symposium.

[12]  Nong Ye,et al.  A Markov Chain Model of Temporal Behavior for Anomaly Detection , 2000 .

[13]  Raymond T. Ng,et al.  Algorithms for Mining Distance-Based Outliers in Large Datasets , 1998, VLDB.

[14]  T. Lane,et al.  Sequence Matching and Learning in Anomaly Detection for Computer Security , 1997 .