User profiling in intrusion detection: A review. (September 2016)
- Record Type:
- Journal Article
- Title:
- User profiling in intrusion detection: A review. (September 2016)
- Main Title:
- User profiling in intrusion detection: A review
- Authors:
- Peng, Jian
Choo, Kim-Kwang Raymond
Ashman, Helen
- Abstract:
- Intrusion detection systems are important for detecting and reacting to the presence of unauthorised users of a network or system. They observe the actions of the system and its users and make decisions about the legitimacy of the activity and users. Much work on intrusion detection has focused on analysing the actions triggered by users, determining that atypical or disallowed actions may represent unauthorised use. It is also feasible to observe the users' own behaviour to see if they are acting in their 'usual' way, reporting on any sufficiently-aberrant behaviour. Doing this requires a user profile, a feature found more often in marketing and education, but increasingly in security contexts. In this paper, we survey literature on intrusion detection and prevention systems from the viewpoint of exploiting the behaviour of the user in the context of their user profile to confirm or deny the legitimacy of their presence on the system (i.e. review of intrusion detection and prevention systems aimed at user profiling). User behaviour can be measured with both behavioural biometrics, such as keystroke speeds or mouse use, but also psychometrics which measure higher-order cognitive functions such as language and preferences. Highlights: User profiling in intrusion detection. Robustness of behavioural characteristics. How to keep user profile secret. Falsify input data to fool the intrusion detection system. Behavioural profiling in intrusion detection.
- Is Part Of:
- Journal of network and computer applications. Volume 72(2016)
- Journal:
- Journal of network and computer applications
- Issue:
- Volume 72(2016)
- Issue Display:
- Volume 72, Issue 2016 (2016)
- Year:
- 2016
- Volume:
- 72
- Issue:
- 2016
- Issue Sort Value:
- 2016-0072-2016-0000
- Page Start:
- 14
- Page End:
- 27
- Publication Date:
- 2016-09
- Subjects:
- Behavioural biometrics -- Intrusion detection and prevention systems -- Psychometrics -- User behaviour -- User profiling
Microcomputers -- Periodicals
Computer networks -- Periodicals
Application software -- Periodicals
Micro-ordinateurs -- Périodiques
Réseaux d'ordinateurs -- Périodiques
Logiciels d'application -- Périodiques
Application software
Computer networks
Microcomputers
Periodicals
004.05
004
- Journal URLs:
- http://www.sciencedirect.com/science/journal/10848045
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.jnca.2016.06.012
- Languages:
- English
- ISSNs:
- 1084-8045
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 5021.410600
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 8059.xml