Learning User Models for Computer Intrusion Detection: Preliminary Results from Natural Induction Approach
| dc.contributor.author | Michalski, Ryszard S. | |
| dc.contributor.author | Kaufman, Kenneth A. | |
| dc.contributor.author | Pietrzykowski, Jaroslaw | |
| dc.contributor.author | Śnieżyński, Bartłomiej | |
| dc.contributor.author | Wojtusiak, Janusz | |
| dc.date.accessioned | 2006-11-03T18:17:33Z | |
| dc.date.available | 2006-11-03T18:17:33Z | |
| dc.date.issued | 2005-11 | |
| dc.description.abstract | This paper presents a description of the LUS method for creating models (signatures) of computer users from datastreams that characterize users' interactions with computers, and the results of initial experiments with this method. By applying the models to new user activities, the system can detect an imposter, or verify a user’s legitimate activity. In this research, original datastreams are lists of records extracted from the operating system’s process table. The learned user signatures (LUS) are primarily in the reported results in the form of sets of multistate templates (MTs), each characterizing one pattern in the user’s behavior. Advantages of the method include the significant expressive power of the representation (a single template can characterize a large number of different user behaviors) and the ease of their interpretation, which makes possible their editing or enhancement by an expert. Presented initial results show a great promise and power of the method. | |
| dc.description.sponsorship | This research was supported in part by the UMCB/LUCITE #32 grant, and in part by the National Science Foundation under Grants No. IIS-0097476 and IIS-9906858. | |
| dc.format.extent | 2757 bytes | |
| dc.format.extent | 3122339 bytes | |
| dc.format.mimetype | text/xml | |
| dc.format.mimetype | application/pdf | |
| dc.identifier.citation | Michalski, R. S., Kaufman, K., Pietrzykowski, J., Śnieżyński, B. and Wojtusiak, J., "Learning User Models for Computer Intrusion Detection: Preliminary Results from Natural Induction Approach," Reports of the Machine Learning and Inference Laboratory, MLI 05-3, George Mason University, Fairfax, VA, November, 2005. | |
| dc.identifier.uri | https://hdl.handle.net/1920/1495 | |
| dc.language.iso | en_US | |
| dc.relation.ispartofseries | P 05-6 | |
| dc.subject | Intrusion detection | |
| dc.subject | Machine learning | |
| dc.subject | Rule learning | |
| dc.title | Learning User Models for Computer Intrusion Detection: Preliminary Results from Natural Induction Approach | |
| dc.type | Technical report |
Files
Original bundle
1 - 1 of 1