Establishing a methodology for designing real-time network security systems

Date of Completion

January 1998


Engineering, System Science|Computer Science




In this information age, networks are increasingly important. At many points in network routing, passwords can be captured and an account misused without triggering any alarm. Once admitted, an intruder has all the privileges the account owner enjoys. If there is detection, it is typically after damage to files, systems, or commercial property rights has occurred. Intruders should be uncovered when attempting to gain access; however, authenticating devices at every access point is prohibitively expensive, and prior exchange of passwords may be impractical.

This research explores the elements of a real-time dynamic authentication system based on users' behavioral patterns. These elements protect the system, administer it, contain decision mechanisms, and respond to changes in user behavior. Behavior is characterized by the commands used, their order, and the timing between them. Our approach is based on an experimental authentication tool developed at the University of Connecticut. This dynamic approach to user authentication provides intrusion detection and potential identification. Differences between current input and models stored in the system may indicate a masquerader, an intruder, or a change in a user's behavior or intent.

Our work focuses on refining and defining metrics of a dynamic approach to user authentication. We investigate the influence of sample size and state space on our ability to recognize the presence of individuals using a computer system. The conditional probability of the user given a string of commands, or a series of transition timings, is calculated using Bayes' Theorem. For both the order and the timing metrics, a state space was defined to use all their language, then reduced to much smaller sets. Metrics based on qualities of the state machine are introduced.
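To make the command-order metric concrete, the following added example (not code from the dissertation or the University of Connecticut tool) computes the posterior probability of each user given a command string. It assumes a first-order Markov transition model, Laplace smoothing, and a uniform prior; the sessions are constructed and all function names are hypothetical.

```python
import math
from collections import Counter, defaultdict

# Constructed sample sessions (not data from the dissertation).
TRAIN = {
    "alice": [["ls", "cd", "ls", "vi", "make", "ls", "cd", "ls", "vi", "make"],
              ["cd", "ls", "vi", "make", "make", "ls"]],
    "bob":   [["mail", "ls", "rm", "mail", "ls", "rm", "ftp"],
              ["ls", "rm", "mail", "ls", "rm", "mail", "ls"]],
}

def reduce_states(sessions_by_user, keep):
    """Reduced state space: the `keep` most frequent commands plus OTHER."""
    counts = Counter(c for ss in sessions_by_user.values() for s in ss for c in s)
    return {c for c, _ in counts.most_common(keep)} | {"OTHER"}

def encode(seq, states):
    return [c if c in states else "OTHER" for c in seq]

def fit(sessions, states):
    """Count command-to-command transitions for one user."""
    trans = defaultdict(Counter)
    for s in sessions:
        s = encode(s, states)
        for a, b in zip(s, s[1:]):
            trans[a][b] += 1
    return trans

def log_likelihood(seq, trans, states, alpha=1.0):
    """log P(seq | user): Markov transitions with Laplace smoothing (assumed)."""
    seq = encode(seq, states)
    ll = 0.0
    for a, b in zip(seq, seq[1:]):
        row = trans.get(a, Counter())  # unseen state: smoothing alone applies
        ll += math.log((row[b] + alpha) / (sum(row.values()) + alpha * len(states)))
    return ll

def posterior(seq, models, states, priors=None):
    """Bayes' theorem: P(user | seq) = P(seq | user) P(user) / sum over users."""
    priors = priors or {u: 1 / len(models) for u in models}
    logs = {u: log_likelihood(seq, m, states) + math.log(priors[u]) for u, m in models.items()}
    top = max(logs.values())  # subtract the maximum for numerical stability
    weights = {u: math.exp(v - top) for u, v in logs.items()}
    total = sum(weights.values())
    return {u: w / total for u, w in weights.items()}

STATES = reduce_states(TRAIN, keep=6)  # "ftp" is rarest and folds into OTHER
MODELS = {u: fit(ss, STATES) for u, ss in TRAIN.items()}
```

Scoring a two-command sample against a five-command sample from the same user shows the sample-size effect the abstract mentions: the posterior for the true user rises as more transitions are observed.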