Ned bakelman advisor dr charles tappert
This presentation is the property of its rightful owner.
Sponsored Links
1 / 7

Ned Bakelman Advisor: Dr. Charles Tappert PowerPoint PPT Presentation


  • 97 Views
  • Uploaded on
  • Presentation posted in: General

Research Experiment Design Sprint: Keystroke Biometric Intrusion Detection. Ned Bakelman Advisor: Dr. Charles Tappert. Problem Statement. Using Keystroke Biometrics, how quickly and accurately can the unauthorized use of a computer be determined?

Download Presentation

Ned Bakelman Advisor: Dr. Charles Tappert

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Ned bakelman advisor dr charles tappert

Research Experiment Design Sprint:

Keystroke Biometric Intrusion Detection

Ned Bakelman

Advisor: Dr. Charles Tappert


Ned bakelman advisor dr charles tappert

Problem Statement

Using Keystroke Biometrics, how quickly and accurately can the unauthorized use of a computer be determined?

In other words, how quickly and accurately can the unauthorized use of a computer by an intruder be detected using Keystroke Biometrics?


Ned bakelman advisor dr charles tappert

Background

  • DARPA (Defense Advanced Research Projects Agency) through their Cyber Genome Program is funding research in computer intrusion detection

  • This includes the use of keystroke analysis

  • Pace University has developed a keystroke biometrics system for text input

  • Studies have shown that 300 keystrokes provides good accuracy

  • The Pace Keystroke Biometric System (PKBS) has been updated to handle completely free (application independent) keystroke samples

DARPA, Cyber Genome Program, DARPA-BAA-10-36, 2010

Foxnews.com, Chiaramonte, Perry,http://www.foxnews.com/scitech/2011/10/07/us-military-drones-infected-with-mysterious-computer-virus, last updated: October 7, 2011

CNN.com, Lawrence, Chris, http://www.cnn.com/2011/10/10/us/military-drones-virus/index.html?eref=rss_politics&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+rss%2Fcnn_allpolitics+%28RSS%3A+Politics%29&utm_content=Google+Feedfetcher, last updated: October 10, 2011


Ned bakelman advisor dr charles tappert

Methodology

  • Monitor each computer and continuously authenticate the user from their keystroke input

  • Assume one authorized user per computer

  • An intruder is defined as someone other than the authorized user

  • Each authentication event is viewed as a window which can occur several times within a short period of time. We want to detect an intruder during each passing of a window.


Ned bakelman advisor dr charles tappert

Intruder Scenarios

  • User Bob leaves his office for lunch with his computer running and unlocked

  • Intruder Trudy sits down at Bob’s desk and uses the computer while Bob is at lunch

  • Trudy may perform less malicious activities such as using the computer to type documents, surf the web, check her Facebook account, etc.

  • Trudy may perform very malicious activities such as sending emails impersonating Bob, entering fake claims in an expense tracking system, attempting to steal passwords or account info that Bob may have saved on his computer to gain access to personal or company bank accounts, etc.


Ned bakelman advisor dr charles tappert

Research Experiment Design Sprint

  • Design experiments to investigate the problem statement regarding the intruder scenarios

  • Ideas

    • What unique keywords or commands might an intruder key in to detect passwords, accounts, etc?

    • What mouse behavior or web activity (searches, etc.) might an intruder perform?

    • These would be activities not typical of a true user

  • Also

    • Keystroke entry is a time series event

    • How would you simulate the time series keystroke data of an authentic user with intruder data?


Ned bakelman advisor dr charles tappert

Normal User versus Intruder User

  • What is normal or typical user activity

    • Email, word processing, spreadsheet entry, web surfing, etc.

  • What is intruder activity

    • Are there special characteristics?

    • Can they be distinguishable from normal activity?

  • Can special characteristics of intruder data be used to assist with intruder detection? If so, how?


  • Login