Intrusion Detection through Behavioral Data

GUNETTI, Daniele; RUFFO, Giancarlo Francesco
1999-01-01

Abstract

We present an approach to the problem of detecting intrusions in computer systems through the use of behavioral data produced by users during their normal login sessions. In fact, attacks may be detected by observing abnormal behavior, and the technique we use consists in associating with each system user a classifier made of relational decision trees that labels login sessions as "legals" or as "intrusions". We perform an experiment with 10 users, based on their normal work, gathered over a period of three months. We obtain a correct user recognition of 90%, using an independent test set. The test set consists of new, previously unseen sessions for the users considered during training, as well as sessions from users not available during the training phase. The obtained performance is comparable with previous studies, but (1) we do not use information that may affect user privacy and (2) we do not bother the users with questions.
1999
English
contribution
third symposium on Intelligent Data Analysis
Amsterdam
August 1999
International
proc. of the third symposium on Intelligent Data Analysis
Yes, but type not specified
Springer Verlag
Berlin
GERMANY
LNCS 1642
383
394
Computer Security; Intrusion Detection; Behavioural Data
2
info:eu-repo/semantics/conferenceObject
04-CONTRIBUTION IN CONFERENCE PROCEEDINGS::04A-Conference paper in volume
GUNETTI D.; G. RUFFO
273
none

Use this identifier to cite or link to this document: https://hdl.handle.net/2318/19866
Citations
  • PMC ND
  • Scopus 11
  • ISI 6