San Francisco, CA
May 23, 2013 to May 24, 2013
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SPW.2013.33
We propose a machine learning-based method for biometric identification of user behavior, for the purpose of masquerade and insider threat detection. We designed a sensor that captures system-level events such as process creation, registry key changes, and file system actions. These measurements are used to represent a user's unique behavior profile, and are refined through the process of Fisher feature selection to optimize their discriminative significance. Finally, a Gaussian mixture model is trained for each user using these features. We show that this system achieves promising results for user behavior modeling and identification, and surpasses previous works in this area.
feature extraction, active authentication, user behavior biometrics, insider detection, masquerader detection, behavior modeling
Yingbo Song, Malek Ben Salem, Shlomo Hershkop, Salvatore J. Stolfo, "System Level User Behavior Biometrics using Fisher Features and Gaussian Mixture Models", SPW, 2013, 2013 IEEE CS Security and Privacy Workshops (SPW2013), 2013 IEEE CS Security and Privacy Workshops (SPW2013) 2013, pp. 52-59, doi:10.1109/SPW.2013.33