 |
7th Annual IEEE Information Assurance Workshop 21-23 June 2006 "The West Point Workshop" United States Military Academy, West Point, New York |
| Chair: LTC Ronald Dodge, Ronald.Dodge@usma.edu | |
|
|
|
Profiling Users in GUI Based Systems for Masquerade DetectionAshish Garg, Ragini Rahalkar, Shambhu Upadhyaya and Kevin KwiatThe 7th IEEE Information Assurance Workshop (IAWorkshop 2006)West Point, New York, USA, June 21-23, 2006
AbstractMasquerading or impersonation attack refers to the illegitimate activity on a computer system when one user impersonates another user. Masquerade attacks are serious in nature due to the fact that they are mostly carried by insiders and thus are extremely difficult to detect. Detection of these attacks is done by detecting significant changes in user's behavior based on his/her profile. Currently, such profiles are based mostly on the user command line data and do not represent his/her complete behavior in a graphical user interface (GUI) based system and hence are not sufficient to quickly detect such masquerade attacks. In this paper, we present a new framework for creating a unique feature set for user behavior on GUI based systems. We collect real user behavior data from live systems and extract parameters to construct these feature vectors. These vectors contain user information such as mouse speed, distance, angles and amount of clicks during session. We model our technique of user identification and masquerade detection as a \textit{binary classification problem} and use Support Vector Machine (SVM) to learn and classify these feature vectors. We show that our technique can provide detection rates of upto 96\% with few false positives based on these feature vectors. We test our technique with various feature vector parameters and conclude that these feature vectors can provide unique and comprehensive user behavior information and are powerful enough for detecting masqueraders.
|
|
