Abstract
We present an approach to the problem of detecting intru-
sions in computer systems through the use behavioral data produced by
users during their normal login sessions. In fact, attacks may be detected
by observing abnormal behavior, and the technique we use consists in
associating to each system user a classifier made with relational decision
trees that will label login sessions as "legals" or as "intrusions".
We perform an experimentation for 10 users, based on their normal work,
gathered during a period of three months. We obtain a correct user recog-
nition of 90%, using an independent test set. The test set consists of new,
previously unseen sessions for the users considered during training, as
well as sessions from users not available during the training phase. The
obtained performance is comparable with previous studies, but (1) we
do not use information that may effect user privacy and (2) we do not
bother the users with questions.
| Lingua originale | Inglese |
|---|---|
| Pagine | 383-394 |
| Numero di pagine | 12 |
| Stato di pubblicazione | Pubblicato - 1999 |
| Evento | third symposium on Intelligent Data Analysis - Amsterdam Durata: 1 gen 1999 → … |
???event.eventtypes.event.conference???
| ???event.eventtypes.event.conference??? | third symposium on Intelligent Data Analysis |
|---|---|
| Città | Amsterdam |
| Periodo | 1/01/99 → … |
Keywords
- Computer Security
- Intrusion Detection
- Behavioura Data