SECURWARE 2014, The Eighth International Conference on Emerging Security Information, Systems and Technologies
N-Gram-Based User Behavioral Model for Continuous User Authentication
Authors:
Leslie Milton
Bryan Robbins
Atif Memon
Keywords: behavioral modeling; continuous authentication; software security; n-grams
Abstract:
We posit that each of us is unique in our use of computer systems. It is this uniqueness that we leverage in this paper to “continuously authenticate users” while they use web software. We build an n-gram model of each user’s interactions with software. This probabilistic model essentially captures the sequences and sub-sequences of user actions, their orderings, and temporal relationships that make them unique. We therefore have a model of how each user typically behaves. We then continuously monitor each user during software operation; large deviations from “normal behavior” can indicate malicious behavior. We have implemented our approach in a system called Intruder Detector (ID) that models user actions as embodied in the web logs generated in response to the actions. Our experiments on a large fielded system with web logs of approximately 320 users show that (1) our model is indeed able to discriminate between different user types and (2) we are able to successfully identify deviations from normal behavior.
Pages: 43 to 49
Copyright: Copyright (c) IARIA, 2014
Publication date: November 16, 2014
Published in: conference
ISSN: 2162-2116
ISBN: 978-1-61208-376-6
Location: Lisbon, Portugal
Dates: from November 16, 2014 to November 20, 2014