Article
Masquerade detection on GUI-based Windows systems
International Journal of Security and Networks (2015)
  • Arshi Agrawal, San Jose State University
  • Mark Stamp, San Jose State University
Abstract
A masquerader is an attacker who attempts to mimic the behaviour of a legitimate user so as to evade detection. Much previous research on masquerade detection has focused on analysis of command-line input in UNIX systems. However, these techniques may fail to detect attacks on modern graphical user interface (GUI)-based systems, where typical user activities include mouse movements in addition to keystrokes. We have developed an event logging tool for Windows systems which has been used to collect a large, publicly available dataset suitable for testing masquerade detection strategies. Using this dataset, we employ hidden Markov model (HMM) analysis to compare the effectiveness of various detection strategies. Our results show that a linear combination of keyboard activity and mouse movements yields stronger results than relying on keyboard activity alone or mouse movements alone. These preliminary results can serve as a baseline for future masquerade detection research.
Keywords
  • masquerade detection
  • Windows
  • GUI
  • graphical user interface
  • HMM
  • hidden Markov models
  • mouse movements
  • keystrokes
  • event logging
  • keyboard activity
  • masqueraders
  • masquerade attacks
  • security
Publication Date
2015
DOI
10.1504/IJSN.2015.068409
Citation Information
Arshi Agrawal and Mark Stamp. "Masquerade detection on GUI-based Windows systems" International Journal of Security and Networks Vol. 10 Iss. 1 (2015) p. 32 - 41 ISSN: 1747-8405
Available at: http://works.bepress.com/mark_stamp/66/