Anomaly detection systems largely depend on user profile data to be able to detect deviations from normal activity. Most of this profile data is currently based on command-line instructions/directives executed by users on a system. With the advent and extensive usage of graphical user interfaces (GUIs), command-line data can no longer fully represent user's complete behavior which is essential for effectively detecting the anomalies in these GUI based systems. Collection of user behavior data is a slow and time consuming process. In this paper, we present a new approach to automate the generation of user data by parameterizing user behavior in terms of user intention (maliciousormal), user skill level, set of applications installed on a machine, mouse movement and keyboard activity. The user behavior parameters are used to generate templates, which can be further customized. The framework is called USim which can achieve rapid generation of user behavior data based on these templates for GUI based systems. The data thus generated can be utilized for rapidly training and testing intrusion detection systems (IDSes) and improving their detection precision
展开▼
