Masquerade detection on GUI-based Windows systems
by Arshi Agrawal; Mark Stamp
International Journal of Security and Networks (IJSN), Vol. 10, No. 1, 2015

Abstract: A masquerader is an attacker who attempts to mimic the behaviour of a legitimate user so as to evade detection. Much previous research on masquerade detection has focused on analysis of command-line input in UNIX systems. However, these techniques may fail to detect attacks on modern graphical user interface (GUI)-based systems, where typical user activities include mouse movements, in addition to keystrokes. We have developed an event logging tool for Windows systems which has been used to collect a large, publicly available dataset suitable for testing masquerade detection strategies. Using this dataset, we employ hidden Markov model (HMM) analysis to compare the effectiveness of various detection strategies. Our results show that a linear combination of keyboard activity and mouse movements yields stronger results than relying on keyboard activity alone or mouse movements alone. These preliminary results can serve as a baseline for future masquerade detection research.

Online publication date: Wed, 01-Apr-2015
