User Behavior-Based Intrusion Detection Using Statistical Techniques

Abstract

The objective of intrusion detection systems is to identify attacks on host or networks based computer systems. IDS also categorise based on attacks, if attacks pattern are known then signature-based intrusion detection method is used or if abnormal behavior then anomaly (behavior) based intrusion detection method is used. We have retrieved various user behavior parameters such as resource access and usage, count of input devices such as a keyboard and mouse access. The focus of this paper is to identify whether user behavior is normal or abnormal on host-based GUI systems using statistical techniques. We apply simple Aggregation measure and Logistic Regression methods on user behavior log. Based on our implementation, Evaluation show significance accuracy in the training set to result in confusion matrix using Logistic Regression method.