Nowadays computer and network intrusions have become more common and more complicated, challenging the intrusion detection systems. Also, network traffic has been constantly increasing. As a consequence, the amount of data to be processed by an intrusion detection system has been growing, making it difficult to efficiently detect intrusions online. Proposes an approach for continuous user authentication based on the user’s behaviour, aiming at development of an efficient and portable anomaly intrusion detection system. A prototype of a host‐based intrusion detection system was built. It detects masqueraders by comparing the current user behaviour with his/her stored behavioural model. The model itself is represented by a number of patterns that describe sequential and temporal behavioural regularities of the users. This paper also discusses implementation issues, describes the authors’ solutions, and provides performance results of the prototype.
[1]
James F. Allen.
Maintaining knowledge about temporal intervals
,
1983,
CACM.
[2]
Dong Xiang,et al.
Information-theoretic measures for anomaly detection
,
2001,
Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.
[3]
Salvatore J. Stolfo,et al.
A data mining framework for building intrusion detection models
,
1999,
Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).
[4]
TERRAN LANE,et al.
Temporal sequence learning and data reduction for anomaly detection
,
1999,
TSEC.
[5]
Seppo Puuronen,et al.
Learning Temporal Regularities of User Behavior for Anomaly Detection
,
2001,
MMM-ACNS.