User Behavior-Based Intrusion Detection Using Statistical Techniques

  • Conference paper
  • Advanced Informatics for Computing Research (ICAICR 2018)

Abstract

The objective of intrusion detection systems (IDS) is to identify attacks on host-based or network-based computer systems. IDS are also categorised by the kind of attack: if the attack patterns are known, a signature-based intrusion detection method is used; if the behavior is abnormal, an anomaly (behavior) based intrusion detection method is used. We have retrieved various user behavior parameters, such as resource access and usage, and counts of access to input devices such as a keyboard and mouse. The focus of this paper is to identify whether user behavior is normal or abnormal on host-based GUI systems using statistical techniques. We apply a simple aggregation measure and logistic regression to a user behavior log. Based on our implementation, the evaluation shows significant accuracy on the training set, as reported in the confusion matrix obtained with the logistic regression method.

Author information

Corresponding author

Correspondence to Zakiyabanu S. Malek.

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Malek, Z.S., Trivedi, B., Shah, A. (2019). User Behavior-Based Intrusion Detection Using Statistical Techniques. In: Luhach, A., Singh, D., Hsiung, PA., Hawari, K., Lingras, P., Singh, P. (eds) Advanced Informatics for Computing Research. ICAICR 2018. Communications in Computer and Information Science, vol 956. Springer, Singapore. https://doi.org/10.1007/978-981-13-3143-5_39

  • DOI: https://doi.org/10.1007/978-981-13-3143-5_39

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-3142-8

  • Online ISBN: 978-981-13-3143-5

  • eBook Packages: Computer Science (R0)
