Volume 3, Issue 2 (6-2011)                   IJICTR 2011, 3(2): 67-71 | Back to browse issues page

XML Print

Download citation:
BibTeX | RIS | EndNote | Medlars | ProCite | Reference Manager | RefWorks
Send citation to:

Kaghazgaran P, Sadeghyan B. Masquerade Detection Using GUI Events in Windows Systems . IJICTR. 2011; 3 (2) :67-71
URL: http://ijict.itrc.ac.ir/article-1-218-en.html
1- Dept. of Computer Engineering & IT Amirkabir University of Tehren (AUT) Tehran, Iran
Abstract:   (2099 Views)

Masquerade attack in computer systems refers to the illegitimate user activities while pretending to be legitimate user. Detection of such attacks is done by discovering significant changes in user's behavior based on his profile. Profile is built by data produced from mouse, keyboard and other devices. In this paper we propose a practical approach for collecting GUI data and deriving useful parameters included both mouse and keyboard events from Windows OS. We model user identification and masquerade detection as a binary classification problem. Profiling and user classification is accomplished by use of Support Vector Machine (SVM) algorithm. Feature vectors are fed to SVM. The output is behavioral pattern which builds the profile. System is trained by normal behavior and detects deviations from profile. According to the results of implementation the proposed approach ensure detection rate up to 94% with few false alarm.

Full-Text [PDF 750 kb]   (755 Downloads)    
Type of Study: Research | Subject: Information Technology

Add your comments about this article : Your username or Email: