J. Shavlik, M. Shavlik & M. Fahland (2001).
Evaluating Software Sensors for Actively Profiling Windows 2000 Computer Users. Presented at the Fourth International Symposium on Recent Advances in Intrusion Detection, Davis, CA.

This publication is available in PDF.

Abstract:

We report on a new, on-going intrusion-detection project that empirically investigates the usefulness of ''stealing'' a small amount of CPU cycles (1%), main memory (16MB), and disk memory (100 MB) in order to continually gather and analyze dozens of fine-grained system measurements, such as network traffic, identity of the current programs executing, and the user's typing speed. The underlying scientific hypothesis is that a properly chosen set of measurements can provide a ''fingerprint'' that is unique to each user. Hence, such measurements could serve to help distinguish appropriate use of a given computer from misuse, especially by insiders.

Return to the publications of the Univ. of Wisconsin Machine Learning Research Group.