USim: a user behavior simulation framework for training and testing IDSes in GUI based systems

A. Garg, V. Sankaranarayanan, S. Upadhyaya, K. Kwiat
39th Annual Simulation Symposium (ANSS'06), published 2006-04-02. DOI: 10.1109/ANSS.2006.45 (https://doi.org/10.1109/ANSS.2006.45)
Citations: 17

Abstract

Anomaly detection systems largely depend on user profile data to be able to detect deviations from normal activity. Most of this profile data is currently based on command-line instructions/directives executed by users on a system. With the advent and extensive usage of graphical user interfaces (GUIs), command-line data can no longer fully represent a user's complete behavior, which is essential for effectively detecting the anomalies in these GUI-based systems. Collection of user behavior data is a slow and time-consuming process. In this paper, we present a new approach to automate the generation of user data by parameterizing user behavior in terms of user intention (malicious/normal), user skill level, set of applications installed on a machine, mouse movement and keyboard activity. The user behavior parameters are used to generate templates, which can be further customized. The framework, called USim, can achieve rapid generation of user behavior data based on these templates for GUI-based systems. The data thus generated can be utilized for rapidly training and testing intrusion detection systems (IDSes) and improving their detection precision.