论文信息 - Evaluating Software Sensors for Actively Profiling Windows 2000 Computer Users

Evaluating Software Sensors for Actively Profiling Windows 2000 Computer Users

We report on a new, on-going intrusion-detection project that empirically investigates the usefulness of "stealing" a small amount of CPU cycles (1%), main memory (16MB), and disk memory (100 MB) in order to continually gather and analyze dozens of fine-grained system measurements, such as network traffic, identity of the current programs executing, and the user’s typing speed. The underlying scientific hypothesis is that a properly chosen set of measurements can provide a "fingerprint" that is unique to each user. Hence, such measurements could serve to help distinguish appropriate use of a given computer from misuse, especially by insiders.

[1] Fabian Monrose,et al. Authentication via keystroke dynamics , 1997, CCS '97.

[2] Carla E. Brodley,et al. Approaches to Online Learning and Concept Drift for User Identification in Computer Security , 1998, KDD.

[3] Jeremy Goecks,et al. Automatically Labeling Web Pages Based on Normal User Actions , 1999 .

[4] Robert H. Anderson. Research and Development Initiatives Focused on Preventing, Detecting, and Responding to Insider Misuse of Critical Defense Information Systems. , 1999 .

[5] Michael Schatz,et al. Learning Program Behavior Profiles for Intrusion Detection , 1999, Workshop on Intrusion Detection and Network Monitoring.

[6] Barak A. Pearlmutter,et al. Detecting intrusions using system calls: alternative data models , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[7] Salvatore J. Stolfo,et al. A data mining framework for building intrusion detection models , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).