Statistical Behavioral Intrusion Detection

Author(s): Vladimir Belperchinov, Dimitar Atanasov
Subject(s): ICT Information and Communications Technologies
Published by: Нов български университет
Keywords: behavioural model; logistic regression

Summary/Abstract: All user interactions with certain computer systems tend to show different patterns. Those patterns may be combined to build a common model for each user or for all users. The model shows the behaviour of a single user or of all users of a computer system. If the behaviour is properly described, certain "spikes" can be found. Such spikes may indicate interactions that result from hijacked user credentials, unexpected actions by properly authorized users, or unobvious system design flaws. Hijacking of user credentials or of the authorization line is probably the most common problem with user-based computer systems. However, searching for unexpected behaviour may also show whether a user with correct credentials is trying to use the system harmfully. Building the behaviour model uses all available system and user session parameters, such as specific system functions, their parameters, and users' login sessions, including login time and duration. Examples of these for an online-banking system would be money transfer types (internal, domestic, international), recipients, transfer amounts and filing time, and user login time and duration. Gathering a wide range of system parameters for each and all users will help to build a strong behaviour model and will lead to accurate reporting of unexpected or unusual interactions. The proposed model is based on a per-user set of parameters, determined by a logistic-type relationship. The parameters of the model can be estimated offline and stored periodically. During the user session, the values of the parameters can be used to evaluate the probability of correct identification.

  • Issue Year: 10/2014
  • Issue No: 1
  • Page Range: 373-380
  • Page Count: 8
  • Language: English