Experimenting with masquerade detection via user task usage
© 2016, Springer-Verlag France.

Detecting whether a given activity on a device corresponds to a legitimate device user or not is usually carried out by looking for deviations in behavior against a normal usage baseline. One approach to this problem, called masquerade detection, uses file system navigation information, comprising the files, the folders, and how the user navigates between them, to construct the normal usage baseline. Atop the file system navigation approach for masquerade detection, there is an alternate representation of file system usage which abstracts a collection of interrelated files into a single symbol denoting a task; thus, touching any of these files amounts simply to executing a task. In this paper, we propose a refined notion of the task abstraction, which allows for a better characterization of the user. The improved abstraction makes it possible to obtain a better Masquerade Detection System with increased efficiency, resulting in faster detection of masqueraders.