Creating Profiles from User Network Behavior

Abstract

The ability to identify network users based on their network behavior has both positive and negative implications. If users are tracked on the Internet without their knowledge or permission, this could be interpreted as a serious violation of their privacy. If used, however, as part of an organization's network security measures, the ability to identify and verify users might assist in determining whether one user is masquerading as a different user, or whether some user is exhibiting abnormal behavior that might precede malicious insider activity. As a step toward enhancing network security, we investigate the use of DNS hostnames and destination IPs for user identification, based on models of user behavior. Our results indicate that using DNS hostnames is a superior method of modeling user behavior. Additionally, when filtering the data for regular accesses, the accuracies improve for both DNS hostnames and destination IPs.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2013
Accession Number
ADA589694

Entities

People

  • Chad M. Mcdowell

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Computer Network Security
  • Computer Science
  • Computers
  • Data Mining
  • Data Sets
  • Department Of Defense
  • Governments
  • Information Science
  • Insider Threats
  • Machine Learning
  • Network Protocols
  • Network Science
  • Supervised Machine Learning
  • Transport Protocols
  • United States Government
  • Web Browsers
  • Websites

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity
  • Organizational Psychology

Technology Areas

  • Cyber