Mason Archival Repository Service

Learning User Models for Computer Intrusion Detection: Preliminary Results from Natural Induction Approach

Show simple item record

dc.contributor.author Michalski, Ryszard S.
dc.contributor.author Kaufman, Kenneth A.
dc.contributor.author Pietrzykowski, Jaroslaw
dc.contributor.author Śnieżyński, Bartłomiej
dc.contributor.author Wojtusiak, Janusz
dc.date.accessioned 2006-11-03T18:17:33Z
dc.date.available 2006-11-03T18:17:33Z
dc.date.issued 2005-11 en_US
dc.identifier.citation Michalski, R. S., Kaufman, K., Pietrzykowski, J., Śnieżyński, B. and Wojtusiak, J., "Learning User Models for Computer Intrusion Detection: Preliminary Results from Natural Induction Approach," Reports of the Machine Learning and Inference Laboratory, MLI 05-3, George Mason University, Fairfax, VA, November, 2005. en_US
dc.identifier.uri https://hdl.handle.net/1920/1495
dc.description.abstract This paper presents a description of the LUS method for creating models (signatures) of computer users from datastreams that characterize users' interactions with computers, and the results of initial experiments with this method. By applying the models to new user activities, the system can detect an imposter, or verify a user’s legitimate activity. In this research, original datastreams are lists of records extracted from the operating system’s process table. The learned user signatures (LUS) are primarily in the reported results in the form of sets of multistate templates (MTs), each characterizing one pattern in the user’s behavior. Advantages of the method include the significant expressive power of the representation (a single template can characterize a large number of different user behaviors) and the ease of their interpretation, which makes possible their editing or enhancement by an expert. Presented initial results show a great promise and power of the method.
dc.description.sponsorship This research was supported in part by the UMCB/LUCITE #32 grant, and in part by the National Science Foundation under Grants No. IIS-0097476 and IIS-9906858. en_US
dc.format.extent 2757 bytes
dc.format.extent 3122339 bytes
dc.format.mimetype text/xml
dc.format.mimetype application/pdf
dc.language.iso en_US en_US
dc.relation.ispartofseries P 05-6 en_US
dc.subject intrusion detection en_US
dc.subject Machine learning en_US
dc.subject rule learning en_US
dc.title Learning User Models for Computer Intrusion Detection: Preliminary Results from Natural Induction Approach en_US
dc.type Technical report en_US


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search MARS


Browse

My Account

Statistics