Research Student Profile

Home People Profile...

Dr Harjit Singh PhD

Brief biographical information



Access thesis on-line

Behavioural Profiling and Intrusion Detection Systems Using Data Mining

The continuous growth of computer networks, coupled with the increasing number of people relying upon information technology, has inevitably attracted both mischievous and malicious abusers. Such abuse may originate from both outside an organisation and from within, and will not necessarily be prevented by traditional authentication and access control mechanisms. In the event that an unauthorised user compromises a systems initial authentication, the user is in the position to do virtually anything without being further challenged. This has caused interest in the concept of continuous authentication during a user?s active session based upon their behaviour characteristics.

Intrusion Detection Systems can contribute to a solution here by continuously monitoring for signs of unauthorised activity. The techniques employed often involve the collection of vast amounts of auditing data to identify abnormalities against historical user behaviour profiles and known intrusion scenarios. The approach may be optimised using domain expertise to extract only the relevant information from the wealth available, but this can be time consuming and knowledge intensive. Whereas most reported work in this area uses statistical approaches to model the temporal regularities exhibited by users, this thesis presents a series of comparative studies carried out using data mining techniques and algorithms.

This thesis examines the potential of Data Mining algorithms and techniques to automate the data analysis process and aid in the identification of system features and latent trends that could be used to profile user behaviour. It presents the result of the analysis carried out and discusses a proposed systematic correlation framework for continuous user authentication using the Data Mining methodology adopted in the comparative studies. The research shows how the correlation framework could be used to automate the analysis of the generated audit data as well as the processes involved in authenticating users in a networked environment.

Dr Harjit Singh

Director of studies: Dr Benn Lines
Other supervisors: Dr Steven M Furnell, Prof. Emmanuel Ifeachor

Conference papers

Web Services: Opportunities and Obstacles in the path of its early adoption
Joshi P, Singh H, Phippen AD
Proceedings of the Fourth International Network Conference (INC 2004), Plymouth, UK, 6-9 July 2004, pp43-51, 2004
More details | Download PDF

A Correlation Framework for Continuous User Authentication Using Data Mining
Singh H, Furnell SM, Dowland PS, Lines BL, Kaur S
Proceedings of the Fourth International Network Conference (INC 2004), Plymouth, UK, 6-9 July 2004, pp237-245, 2004
More details | Download PDF

A Preliminary Investigation of User Authentication Using Continuous Keystroke Analysis
Dowland PS, Singh H, Furnell SM
Proceedings of the IFIP 8th Annual Working Conference on Information Security Management & Small Systems Security, Las Vegas, 27-28 September, 2001
More details | Download PDF

Investigating and Evaluating Behavioural Profiling and Intrusion Detection Using Data Mining
Singh H, Furnell SM, Lines BL, Dowland PS
Proceedings of International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security, St. Petersburg, Russia, 21-23 May, 2001
More details | Download PDF

Classification of Network State Using Data Mining
Singh H, Thornton KEB, Bull PD
Proceedings of 4th IEEE international MICC & ISCE conference-1999, Vol. 1, pp183-187, 1999
More details | Download PDF

5 Conference papers

Posters

Advanced Authentication and Intrusion Detection Technologies
Dowland PS, Furnell SM, Magklaras GB, Papadaki M, Reynolds PL, Rodwell PM, Singh H
Poster presentation at Britain's Younger Engineers in 2000, House of Commons, London, 4 December, 2000
More details | Download PDF

1 Posters

6 publication(s) - all categories.