Research Assistants: B. Kuperman, T. Lane
Sponsor: COAST Laboratory sponsors
This project focuses on detecting anomalous behavior by users and processes on a system, in order to identify intrusions, insider misuse, and malicious software. The approach is to collect audit and behavior information and to explicitly instrument selected system software to gain additional audit information. This information is then examined using both data mining tools and explicit pattern matching technologies to detect unusual behavior.