Abstract
We present an approach to the problem of detecting intrusions in computer systems through the use behavioral data produced by users during their normal login sessions. In fact, attacks may be detected by observing abnormal behavior, and the technique we use consists in associating to each system user a classifier made with relational decision trees that will label login sessions as “legals” or as “intrusions”. We perform an experimentation for 10 users, based on their normal work, gathered during a period of three months.We obtain a correct user recognition of 90%, using an independent test set. The test set consists of new, previously unseen sessions for the users considered during training, as well as sessions from users not available during the training phase. The obtained performance is comparable with previous studies, but (1) we do not use information that may effect user privacy and (2) we do not bother the users with questions.
Cite
CITATION STYLE
Gunetti, D., & Ruffo, G. (1999). Intrusion detection through behavioral data. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1642, pp. 383–394). Springer Verlag. https://doi.org/10.1007/3-540-48412-4_32
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
