GUI-based user behavior intrusion detection

Today all users depend on the computer in their daily life, for simple tasks such as checking Our studies in this paper describe an approach for identifying an intruder by his or her behavior on a GUI-based system. Our system introduces a logger to collect the user log and a BIDS detector. The BIDS detector is a program that creates an initial user profile and updates it when needed. The BIDS program also uses a t-test to identify deviations in user behavior. Our system can be used efficiently when an intruder is pretending to be the authorized user, and it gives high detection rates with fewer false positives.
