Creating profiles from user network behavior

Loading...
Thumbnail Image
Authors
McDowell, Chad M.
Subjects
Network Behavior Profiles
User Identification
Advisors
Beverly, Robert
Date of Issue
2013-09
Date
Sep-13
Publisher
Monterey, California: Naval Postgraduate School
Language
Abstract
The ability to identify network users based on their network behavior has both positive and negative implications. If users are tracked on the Internet without their knowledge or permission, this could be interpreted as a serious violation of their privacy. If used, however, as part of an organization’s network security measures, the ability to identify and verify users might assist in determining whether one user is masquerading as a different user, or whether some user is exhibiting abnormal behavior that might precede malicious insider activity. As a step toward enhancing network security, we investigate the use of DNS hostnames and destination IPs for user identification, based on models of user behavior. Our results indicate that using DNS hostnames is a superior method of modeling user behavior. Additionally, when filtering the data for regular accesses, the accuracies improve for both DNS hostnames and destination IPs.
Type
Thesis
Description
Series/Report No
Department
Computer Science (CS)
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections