| 发明名称 |
SYSTEM LEVEL USER BEHAVIOR BIOMETRICS USING FEATURE EXTRACTION AND MODELING |
| 摘要 |
The interaction of a plurality of users with a computer system is monitored and measurements are made of different features of this interaction such as process creation, registry key changes, and file system actions. These measurements are then analyzed to identify those features that are more discriminatory. The set of features is then used to develop for each user a model of his/her interaction with the computer system that can then be used to authenticate that user when interacting with the computer system at a later time. Advantageously, these steps are performed automatically and may be performed periodically or even continuously to verify that each user of the computer system is indeed the individual he/she purports to be. Illustratively, the feature extraction is performed using Fisher's criteria; and the user model is developed using a Gaussian mixture model. A method for updating the user model is also disclosed. |
| 申请公布号 |
US2016171197(A1) |
申请公布日期 |
2016.06.16 |
| 申请号 |
US201615018694 |
申请日期 |
2016.02.08 |
| 申请人 |
ALLURE SECURITY TECHNOLOGY INC. |
发明人 |
Song Yingbo;Stolfo Salvatore J. |
| 分类号 |
G06F21/31;G06F21/57 |
主分类号 |
G06F21/31 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method for authenticating a user on a computer system comprising:
installing on the computer system a sensor for detecting a plurality of different types of user interactions with the computer system including process creation, process destruction, file touches and registry actions, for a plurality of users, measuring with the sensor how many of the plurality of different types of user interactions occur during a time period; evaluating the usability of the different types of user interactions that are measured to discriminate among the different users by identifying those user interactions having low variance over time with the same user and high variance over time between different users; using at least some of the different types of user interactions that have greater discriminatory significance to train a model of user interactions for each of the plurality of users; monitoring the interaction of a plurality of users of the computer system during a second time period subsequent to the training of the models to measure for each user how many of the plurality of user interactions with the computer system occur; and comparing with the models a pattern of behavior generated by a user of the computer system to determine if the user who generated the pattern of behavior is the user represented by one of the models. |
| 地址 |
New York NY US |
