Abstract
A computer can keep track of computer users to improve the security in the system. However, this does not prevent a user from impersonating another user. Only the user behavior recognition can help to detect masqueraders. Also, knowledge about computer users can be very beneficial for assisting them or predicting their future actions. Under the UNIX operating system, users type several commands which can be analyzed in order to create user profiles. In this research, a computer user behavior is represented by a sequence of UNIX commands. From these sequences of commands, a profile that defines its behavior is defined. In addition, a computer user behavior usually changes constantly. If the behavior recognition is done automatically, these changes need to be taken into account. For this reason, we propose in this research a simple evolving method that is able to keep up to date the computer user behavior profiles. This method is based on Evolving Fuzzy Systems and it is evaluated using real data streams.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
Available from: http://archive.ics.uci.edu/ml/datasets/UNIX+User+Data.
References
Aha D, Kibler D (1991) Instance-based learning algorithms. Mach Learn 6:37–66
Angelov P, Zhou X (2007) Evolving fuzzy classifier for novelty detection and landmark recognition by mobile robots. In: Nedjah N, Coelho LS, Mourelle LM (eds) Studies in computational intelligence. Mobile robots: the evolutionary approach, vol 50. Springer, Berlin, pp 89–118
Angelov P (2002) Evolving rule-based models: a tool for design of flexible adaptive systems. Springer, London
Angelov P, Filev D (2004) An approach to online identification of takagi-sugeno fuzzy models. Syst Man Cybernet Part B: Cybernet IEEE Trans 34(1):484– 498
Angelov P, Zhou X-W (2006) Evolving fuzzy systems from data streams in real-time. In: Proceedings of the Internat. Symp. on evolving fuzzy systems, pp 29–35
Angelov P, Zhou X (2008) Evolving fuzzy-rule-based classifiers from data streams. IEEE Trans Fuzzy Syst 16(6):1462–1475
Angelov P, Ramezani R, Zhou X (2008) Autonomous novelty detection and object tracking in video streams using evolving clustering and takagi-sugeno type neuro-fuzzy system. In: Neural Networks, 2008. IJCNN 2008. (IEEE World Congress on Computational Intelligence). IEEE International Joint Conference on, June 2008, pp 1456–1463
Angelov P, Bocaniala CD, Xideas C, Patchett C, Ansell D, Everett M, Leng G (2008) A passive approach to autonomous collision detection and avoidance. Computer Modeling and Simulation, International Conference, pp 64–69
Carmel D, Markovitch S (1996) Opponent modeling in multi-agent systems. In: Adaptation and learning in multi-agent systems. Springer, Heidelberg, pp 40–52
Coull S, Branch J, Szymanski B, Breimer E (2003) Intrusion detection: a bioinformatics approach. In: ACSAC ’03: Proceedings of the 19th Annual Computer Security Applications Conference. Washington, DC, USA, IEEE Computer Society, p 24
Frank A, Asuncion A (2010) UCI machine learning repository (online). http://archive.ics.uci.edu/ml
Frank E, Witten IH (1998) Generating accurate rule sets without global optimization. In: Proceedings of the Fifteenth International Conference on Machine Learning, ser. ICML ’98.San Francisco, Morgan Kaufmann Publishers Inc., pp 144–151
García-Cuesta E, Iglesias JA (2012) User modeling in changeable environments. In: Proceedings of the 2012 IEEE Evolving and Adaptive Intelligent Systems (EAIS-2012), May 2012, pp 182–185
Godoy A, Amandi D (2005) User profiling for web page filtering. Internet Comput IEEE 9(4):56–64
Greenberg S (1988) Using unix: collected traces of 168 users. Technical Report
Han K, Veloso M (1999) Automated robot behavior recognition applied to robotic soccer. In: Proceedings of the ninth international symposium on robotics research, pp 199–204
Iglesias JA, Ledezma A, Sanchis A (2008) Using well-known techniques for classifying user behavior profiles. In: Communications of the siwn, vol 5, pp 18–22
Iglesias JA, Angelov P, Ledezma A, de Miguel AS (2012) Creating evolving user behavior profiles automatically. IEEE Trans Knowl Data Eng 24(5):854–867
Iglesias JA, Ordóñez J, Ledezma A, de Toledo P, Sanchis A (2012) Evolving activity recognition from sensor streams. In: Proceedings of the 2012 IEEE evolving and adaptive intelligent systems (EAIS-2012), May 2012, pp 96–101
Iglesias JA , Angelov P, Ledezma A, Sanchis A (2010) Evolving classification of agents-behaviors: a general approach. Evol Syst J 1:161–171
Iglesias JA, Ledezma A, Sanchis A, Kaminka GA (2011) A plan classifier based on chi-square distribution tests. Intell Data Anal 15(2):131–149
Kelly JG, Angelov P, Trevisan J, Vlachopoulou A, Paraskevaidis E, Martin-Hirsch PL, Martin FL (2010) Robust classification of low-grade cervical cytology following analysis with atr-ftir spectroscopy and subsequent application of self-learning classifier eclass. Anal Bioanal Chem 398(5):2191–201
Liu Y, Meng H, Wang D, Wang X (2007) Adaptive staggering time estimation for target tracking in periodic nonuniform sampling system. Electron Lett 43(24):1385–1387 (Online). http://link.aip.org/link/?ELL/43/1385/1
Macedo AA, Truong KN, Camacho-Guerrero JA, da GraÇa Pimentel M (2003) Automatically sharing web experiences through a hyperdocument recommender system. In: HYPERTEXT 2003 New York, ACM, 2003, pp 48–56
Maxion RA (2003) Masquerade detection using enriched command lines. In: International Conference on dependable systems and networks, DSN. IEEE Computer Society, pp 5–14
Ordóñez FJ, Iglesias JA, de Toledo P, Ledezma A, Sanchís A (2013) Online activity recognition using evolving classifiers. Expert Syst Appl 40(4):1248–1255
Pepyne D, Hu J, Gong W (2004) User profiling for computer security. In: American Control Conference, pp 982–987
Platt J (1999) Fast training of support vector machines using sequential minimal optimization. In: Advances in kernel methods, pp 185–208
Posadas R, Mex-Perera JC, Monroy R, Nolazco-Flores JA (2006) Hybrid method for detecting masqueraders using session folding and hidden markov models. In: MICAI, pp 622–631
Quinlan JR (1993) C4.5: programs for machine learning. Morgan Kaufmann Publishers Inc, San Francisco
Riley P, Veloso MM (2000) On behavior classification in adversarial environments. In: DARS, pp 371–380
Rish I (2001) An empirical study of the naive Bayes classifier. In: Proceedings of IJCAI-01 Workshop on empirical methods in artificial intelligence
Schonlau M, DuMouchel W, Ju W, Karr A, Theus M, Vardi Y (2001) Computer intrusion: detecting masquerades. Stat Sci 16(1):58–74
Wang K, Stolfo SJ (2003) One-class training for masquerade detection. In: 3rd IEEE Conference Data Mining Workshop on data mining for computer security. IEEE Computer Society
Web G, Pazzani MJ, Billsus D (2001) Machine learning for user modeling. User Model User Adap Inter 11:19–20
Zhou X, Angel P (2006) Real-time joint landmark recognition and classifier generation by an evolving fuzzy system. In: Fuzzy systems, 2006 IEEE International Conference, pp 1205–1212
Acknowledgments
This work has been supported by the Spanish Government under project TRA2011-29454-C03-03.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Iglesias, J.A., Ledezma, A. & Sanchis, A. Evolving classification of UNIX users’ behaviors. Evolving Systems 5, 231–238 (2014). https://doi.org/10.1007/s12530-014-9104-2
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12530-014-9104-2