TY - GEN
T1 - Intrusion detection through behavioral data
AU - Gunetti, Daniele
AU - Ruffo, Giancarlo
N1 - Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 1999.
PY - 1999
Y1 - 1999
AB - We present an approach to the problem of detecting intrusions in computer systems through the use of behavioral data produced by users during their normal login sessions. In fact, attacks may be detected by observing abnormal behavior, and the technique we use consists in associating to each system user a classifier made with relational decision trees that will label login sessions as “legals” or as “intrusions”. We perform an experimentation for 10 users, based on their normal work, gathered during a period of three months. We obtain a correct user recognition of 90%, using an independent test set. The test set consists of new, previously unseen sessions for the users considered during training, as well as sessions from users not available during the training phase. The obtained performance is comparable with previous studies, but (1) we do not use information that may affect user privacy and (2) we do not bother the users with questions.
UR - http://www.scopus.com/inward/record.url?scp=84957621815&partnerID=8YFLogxK
U2 - 10.1007/3-540-48412-4_32
DO - 10.1007/3-540-48412-4_32
M3 - Conference contribution
AN - SCOPUS:84957621815
SN - 3540663320
SN - 9783540663324
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 383
EP - 394
BT - Advances in Intelligent Data Analysis - 3rd International Symposium, IDA 1999, Proceedings
A2 - Hand, David J.
A2 - Kok, Joost N.
A2 - Berthold, Michael R.
PB - Springer Verlag
T2 - 3rd International Symposium on Intelligent Data Analysis, IDA 1999
Y2 - 9 August 1999 through 11 August 1999
ER -