Slashdot Mirror


Predicting User Behavior to Improve Security

CitizenC writes "New computer-monitoring software designed to second-guess the intentions of individual system users could be close to perfect at preventing security breaches, say researchers. Read more." The paper (pdf) is online as well.

8 of 133 comments

  1. hmmm... by Britissippi · · Score: 4, Insightful
    Sounds great in theory, however, what happens when users change roles, get promoted, demoted... and what they have to do with their terminal changes as a result. You'd have to have a staff working full time at any average-sized company making the system changes to keep this thing from triggering constant alerts.

    Does sound promising though.

    --
    Meow meow meow meow, meow meow meow meow...
    1. Re:hmmm... by bmwm3nut · · Score: 4, Insightful

      i don't think they mentioned the method in the article. but i can imagine using something like a neural network to learn the users' behaviors. from my limited work with neural networks, i've discovered that they're really robust when they learn a problem. it's totally conceivable that a neural net could learn irrational behavior too.

      promotions wouldn't be a problem either. you have the network have a parameter for the type of job that a user is supposed to be doing. when they get a promotion that job type will change. their new behavior will not be marked as bad until the system learns the new behavior.

      of course everything i said is under the assumption that they'll be using neural networks.

  2. Well, um by Roadmaster · · Score: 5, Insightful

    if they had any clue about real-world users, they'd know they're absolutely unpredictable. A user's creativeness to mess things up never ceases to amaze.

  3. Stifle creativity by nut · · Score: 5, Insightful

    This would encourage users not to experiment and find new ways of doing tasks, if every time you tried something new a sysad came round to ask you what you were doing.

    --
    Never trust a man in a blue trench coat, Never drive a car when you're dead
  4. Minority Report? by zoward · · Score: 5, Insightful

    And how long will it be before users start losing privileges for things that they "potentially might do" (with a 94% accuracy rate)? About one in 20 of us is really going to suffer for this one.

    --
    "Can't you see that everyone is buying station wagons?"
  5. Remember that this is network security by complexmath · · Score: 4, Insightful

    The average user may be adept at breaking his PC, but he's much less likely to, say, flood the network with bad packets.

  6. Re:Not bad but... by aridhol · · Score: 4, Insightful

    Nothing can ever be the only line of defense. How many PHBs know that? When they see/hear from media/rumours that this is the ultimate defence, how many of them will rush out to get it and tell their IT staff that this is all they need?

    --
    I can't say that I don't give a fuck. I've just run out of fuck to give.
  7. "Success" - "false positive" = garbage by dpbsmith · · Score: 5, Insightful

    Any time someone mentions a "success rate" without also mentioning the false positive rate, they're feeding you garbage.

    I'd be much more impressed by a claim of a 0.001% false alarm rate than I am by a 94% success rate.

    Yet, on a per-line basis, if you assume that a user averages, say, three typed lines per minute, that's 180 lines per hour = 360000 lines per working year.

    A .001% false alarm rate means that an innocent worker is going to be interrupted THREE TIMES A YEAR by burly security people at the cube doorway shouting "Hands off that keyboard RIGHT NOW!"