Abstract:
This paper describes briefly a method for applying AQ symbolic learning to problems of computer user modeling and intrusion detection. The method, called LUS (Learning User Signatures), learns models of users’ interaction in the form of sets of rules in attributional calculus, and signals a possible intrusion when a user interaction with a computer violates the model. An important characteristic of LUS is that the generated user signatures are easy to interpret and understand. We describe briefly the LUS method, the machine learning and inference tools developed to support it, and selected initial experimental results from its application to real-world data.
