Learning Symbolic User Models for Intrusion Detection: A Method and Initial Results
Date
2006-06
Authors
Michalski, Ryszard S.
Kaufman, Kenneth A.
Pietrzykowski, Jaroslaw
Śnieżyński, Bartłomiej
Wojtusiak, Janusz
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
This paper briefly describes the LUS-MT method for automatically learning user signatures (models of computer users) from datastreams capturing users’ interactions with computers. The signatures are in the form of collections of multistate templates (MTs), each characterizing a pattern in the user’s behavior. By applying the models to new user activities, the system can detect an imposter or verify legitimate user activity. Advantages of the method include the high expressive power of the models (a single template can characterize a large number of different user behaviors) and the ease of their interpretation, which makes possible their editing or enhancement by an expert. Initial results are very promising and show the potential of the method for user modeling.
Description
Keywords
Citation
Michalski, R. S., Kaufman, K., Pietrzykowski, J., Sniezynski, B. and Wojtusiak, J., "Learning Symbolic User Models for Intrusion Detection: A Method and Initial Results," Proceedings of the Intelligent Information Processing and Web Mining Conference, IIPWM 06, Ustron, Poland, June 19-22, 2006.