Slashdot Mirror


Predicting User Behavior to Improve Security

CitizenC writes "New computer-monitoring software designed to second-guess the intentions of individual system users could be close to perfect at preventing security breaches, say researchers. Read more." The paper (pdf) is online as well.

16 of 133 comments

  1. hmmm... by Britissippi · · Score: 4, Insightful

    Sounds great in theory, however, what happens when users change roles, get promoted, demoted..... and what they have to do with their terminal changes as a result. You'd have to have a staff working full time at any average sized company making the system changes to keep this thing from triggering constant alerts.

    Does sound promising though.

    --
    Meow meow meow meow, meow meow meow meow...
    1. Re:hmmm... by CoffeeDad · · Score: 3, Insightful

      I'd guess that clearing out the learned habits of any given user, say for example when roles or responsibilities change, would be a rather routine and trivial administration task? Not unlike resetting a password or adding someone to a print queue that's not so far down the hall...

      - Just my $0.02

    2. Re:hmmm... by bmwm3nut · · Score: 4, Insightful

      i don't think they mentioned the method in the article. but i can imagine using something like a neural network to learn the users' behaviors. from my limited work with neural networks, i've discovered that they're really robust when they learn a problem. it's totally conceivable that a neural net could learn irrational behavior too.

      promotions wouldn't be a problem either. you have the network have a parameter for the type of job that a user is supposed to be doing. when they get a promotion that job type will change. their new behavior will not be marked as bad until the system learns the new behavior.

      of course everything i said is under the assumption that they'll be using neural networks.

  2. Well, um by Roadmaster · · Score: 5, Insightful

    if they had any clue about real-world users, they'd know they're absolutely unpredictable. A user's creativeness to mess things up never ceases to amaze.

  3. Gee, by He+Was+Gamecubed · · Score: 3, Insightful

    This would work fine, with windows, you know. those 'illegal operations' have a really obvious prompt, it's easy to tell when someone is up to something.

  4. Stifle creativity by nut · · Score: 5, Insightful

    This would encourage users not to experiment and find new ways of doing tasks, if every time you tried something new a sysad came round to ask you what you were doing.

    --
    Never trust a man in a blue trench coat, Never drive a car when you're dead
  5. Minority Report? by zoward · · Score: 5, Insightful

    And how long will it be before users start losing privileges for things that they "potentially might do" (with a 94% accuracy rate). About one in 20 of us is really going to suffer for this one.

    --
    "Can't you see that everyone is buying station wagons?"
  6. Remember that this is network security by complexmath · · Score: 4, Insightful

    The average user may be adept at breaking his PC, but he's much less likely to, say, flood the network with bad packets.

  7. it does not bode well for those of us... by Anonymous Coward · · Score: 1, Insightful

    ...who learn by breaking things repeatedly, and on purpose.

  8. Re:Not bad but... by aridhol · · Score: 4, Insightful

    Nothing can ever be the only line of defense. How many PHBs know that? When they see/hear from media/rumours that this is the ultimate defence, how many of them will rush out to get it and tell their IT staff that this is all they need?

    --
    I can't say that I don't give a fuck. I've just run out of fuck to give.
  9. Nice in theory but by JeanBaptiste · · Score: 3, Insightful

    The users I manage are completely unpredictable. Not to sound like a Luddite, but there is no technology that will ever predict what my users do. If there is a way to do it, it will be done. Millions of monkeys with millions of typewriters, and that is a great analogy for what I have seen...

  10. Expected Behaviour vs. Modified Behaviour by thatguywhoiam · · Score: 3, Insightful

    I would be interested to know just what happens when a user is merely aware that this system is running.

    The described system seems to base its rules on learned user habits; obviously, this strikes one as being incredibly fallible. Assuming their 94% figure is correct for the sake of argument, how do you think *your* behaviour would change knowing full-well that you are being watched?

    There are laws in certain places that say a user (in a corporate environment) must be notified that they are being monitored at that very second. Some software places a pair of eyeballs - how creepy is that - in the toolbar when this occurs.

    If the thing's purpose is to sniff out 'suspicious' behaviour, I can't see how it could work properly. I mean, how can it sniff out 'motive'?

    --
    If Jesus wants me it knows where to find me.
  11. "Success" - "false positive" = garbage by dpbsmith · · Score: 5, Insightful

    Any time someone mentions a "success rate" without also mentioning the false positive rate, they're feeding you garbage.

    I'd be much more impressed by a claim of a 0.001% false alarm rate than I am by a 94% success rate.

    Yet, on a per-line basis, if you assume that a user averages, say, three typed lines per minute, that's 180 lines per hour = 360000 lines per working year.

    A .001% false alarm rate means that an innocent worker is going to be interrupted THREE TIMES A YEAR by burly security people at the cube doorway shouting "Hands off that keyboard RIGHT NOW!"

  12. Re:Intelligent pr0n filters.. by Bloody+Bastard · · Score: 2, Insightful

    Then, they would start to apply color filters to the pictures...

  13. Changing tactics by Icefyre · · Score: 2, Insightful

    Any serious hacker will do their homework beforehand. This just makes one more step in the process of mapping out a target. Once you understand how the software works I'm sure it wouldn't be hard to circumvent given the time and dedication, not to mention the fact that it could potentially *open* security holes for malicious users to exploit.

    --
    "I'm not a vegetarian because I love animals. I'm a vegetarian because I hate plants."
  14. Do The Math by Lucas+Membrane · · Score: 3, Insightful

    They claim "up to 94 percent reliable". (You get those emails that say "earn up to $300/hour stuffing envelopes at home"?). "Up to" is a weasel word, just like "arguably", eg it ain't gonna happen.

    But, even if it is 94%, if you've got a system that runs around 100 users, then 94% equals approximately 1 million mistakes per year. Where does the budget come from to timely track down 1 million false alarms annually? How is any analyst going to seriously follow every machine-generated warning when 99.99% of the machine-generated warnings are spurious?

    Let us now return to reality, which is already in progress.