Indirect human computer interaction-based biometrics for intrusion detection systems

Roman V. Yampolskiy, University of Louisville


The indirect HCI-based biometrics are events that can be obtained by monitoring users' HCI behavior indirectly via observable low-level actions of computer software, those include records in audit logs, call-stack data, GUI interaction events, network traffic, registry access data, storage activity, and system calls. These low-level events are produced unintentionally by the user during interaction with different software applications during pursuit of some, potentially mischievous, high level goals. This paper concentrates on the review and analysis of indirect human computer interaction-based biometrics frequently used in intrusion detection systems. We conclude with an experimental demonstration of an intrusion detection system based on network traffic analysis as an example of application of indirect human computer interaction-based behavioral biometrics. ©2007 IEEE.