User profiling in intrusion detection: A review
Date
2016
Authors
Peng, J.
Choo, K.K.R.
Ashman, H.
Editors
Advisors
Journal Title
Journal ISSN
Volume Title
Type:
Journal article
Citation
Journal of Network and Computer Applications, 2016; 72:14-27
Statement of Responsibility
Conference Name
Abstract
Intrusion detection systems are important for detecting and reacting to the presence of unauthorised users of a network or system. They observe the actions of the system and its users and make decisions about the legitimacy of the activity and users. Much work on intrusion detection has focused on analysing the actions triggered by users, determining that atypical or disallowed actions may represent unauthorised use. It is also feasible to observe the users' own behaviour to see if they are acting in their 'usual' way, reporting on any sufficiently-aberrant behaviour. Doing this requires a user profile, a feature found more often in marketing and education, but increasingly in security contexts. In this paper, we survey literature on intrusion detection and prevention systems from the viewpoint of exploiting the behaviour of the user in the context of their user profile to confirm or deny the legitimacy of their presence on the system (i.e. review of intrusion detection and prevention systems aimed at user profiling). User behaviour can be measured with both behavioural biometrics, such as keystroke speeds or mouse use, but also psychometrics which measure higher-order cognitive functions such as language and preferences.
School/Discipline
Dissertation Note
Provenance
Description
Access Status
Rights
Copyright 2016 Elsevier Ltd.