Slashdot Mirror


Predicting User Behavior to Improve Security

CitizenC writes "New computer-monitoring software designed to second-guess the intentions of individual system users could be close to perfect at preventing security breaches, say researchers. Read more." The paper (pdf) is online as well.

5 of 133 comments

  1. Not as crazy as it sounds by Damion · · Score: 3, Informative

    There are/were some people working on something like this here at CMU. They had posted up a bunch of the raw data that they had collected (basically just shell histories with each command run being assigned to a number, and then plotted as number of command (for instance, the 40th command the user entered) against the number value of the command). The results were extremely regular, and in many cases, downright periodic. People are far more predictable than they would like to think.

    --
    Common sense is what tells you the world is flat.
  2. Intelligent pr0n filters.. by grub · · Score: 4, Informative


    ..are what we need. If someone could come up with a box that could filter pages based on the amount of pink within the images I could delete 80% of my outgoing firewall rules at work!

    --
    Trolling is a art,
  3. Re:aliasing by halftrack · · Score: 5, Informative

    I think that's untrue; such a scam is not viable. The shell scripts would call commands that get registered by the system, and a plain alias will only affect the user; the system still sees the original command.

    --
    Look a monkey!
  4. Re:Not bad but... by Damion · · Score: 4, Informative

    Well, this could never be the only line of defense. Applying patches regularly and maintaining sane security guidelines could never be obviated by an automated system. Think of this as just another level of intrusion detection software. The methods used to stop intrusions from happening in the first place, and those to mop up afterward, would remain unchanged.

    --
    Common sense is what tells you the world is flat.
  5. Re:After reading the PDF intently (skimming) by Sludge · · Score: 4, Informative
    This seems to stop people from using an account that has access to certain data, which is not their account. If a user usually accesses files with Explorer, and someone sits down at their logged-in machine and brings up a command prompt, CDs to the dir, and types 'start .', that would trigger a variant in behaviour.

    You could go even further and log a typing rate jump or dip of 30 WPM.
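
The idea raised in comments 1 and 5 above, as an added example that is not part of the original thread or the linked paper: shell commands are numbered in order of first appearance, a per-user baseline of command-to-command transitions is built, and a new session is scored by the fraction of its transitions the baseline has never seen. The histories, function names and the 0.5 threshold are constructed for illustration.

```python
from collections import Counter

# Constructed sample data: one user's normal history and two later sessions.
BASELINE = ["cd src", "ls -l", "vim main.c", "make", "./run_tests", "git status",
            "cd src", "ls", "vim util.c", "make", "./run_tests", "git commit -m wip"]
USUAL = ["cd src", "ls", "vim main.c", "make", "./run_tests"]
ODD = ["cd /srv/finance", "ls -la", "find . -name *.xls", "tar czf a.tgz .", "ls"]

def encode(history, vocab=None):
    """Map each command name (first token) to an integer, numbered by first appearance."""
    vocab = {} if vocab is None else vocab
    ids = []
    for line in history:
        parts = line.split()
        if parts:  # skip blank history lines
            ids.append(vocab.setdefault(parts[0], len(vocab)))
    return ids, vocab

def transitions(ids):
    """Consecutive (previous command, next command) pairs."""
    return list(zip(ids, ids[1:]))

def build_profile(history):
    """Baseline for one user: command numbering plus counts of observed transitions."""
    ids, vocab = encode(history)
    return {"vocab": vocab, "pairs": Counter(transitions(ids))}

def novelty(profile, session):
    """Fraction of the session's transitions that never occur in the baseline."""
    vocab = dict(profile["vocab"])  # copy, so scoring never alters the baseline
    ids, _ = encode(session, vocab)
    pairs = transitions(ids)
    if not pairs:
        return 0.0  # a session of 0 or 1 commands has nothing to compare
    unseen = sum(1 for p in pairs if p not in profile["pairs"])
    return unseen / len(pairs)

def is_anomalous(profile, session, threshold=0.5):
    """Assumed cutoff; a real deployment would tune this per user."""
    return novelty(profile, session) >= threshold

PROFILE = build_profile(BASELINE)

if __name__ == "__main__":
    for name, session in (("usual", USUAL), ("odd", ODD)):
        score = novelty(PROFILE, session)
        print(f"{name}: novelty={score:.2f} flagged={is_anomalous(PROFILE, session)}")
```

Only command names and their order are scored here; arguments, timing and typing rate, which comment 5 mentions, are not modelled.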