Generation of User Profiles in UNIX Scripts Applying Evolutionary Neural Networks

摘要

Information is the most important asset for institutions, and thus ensuring optimal levels of security for both operations and users is essential. For this research, during Shell sessions, the history of nine users (0-8) who performed tasks using the UNIX operating system for a period of two years was investigated. The main objective was to generate a classification model of usage profiles to detect anomalous behaviors in the system of each user. As an initial task, the information was preprocessed, which generates user sessions S~u_m, where u identifies the user and m the number of sessions the user has performed u. Each session S~u_m contains a script execution sequence C_n, that is S~u_m = {C_1,C_2,C_3,...,C_n}, where n is the position where the C_n command was executed. Supervised and unsupervised data mining techniques and algorithms were applied to this data set as well as voracious algorithms, such as the Greedy Stepwise algorithm, for attribute selection. Next, a Genetic Algorithm with a Neural Network model was trained to the set of sessions S~u_m to generate a unique behavior profile for each user. In this way, the anomalous or intrusive behaviors of each user were identified in a more approximate and efficient way during the execution of activities using the computer systems. The results obtained indicate an optimum pressure and an acceptable false positive rate.