Random Forests for Profiling Computer Network Users
In this paper, we present a novel system to detect abnormal behaviour of computer network users based on features of web pages which were requested by a user (e.g. URL address, URL category, the day of week or time when the web page was visited). There are many causes of an abnormal behaviour of network users e.g. a computer can be infected by a virus or a Trojan, a stranger can take control of a computer system, etc. Thus, the proposed system can be a very important security mechanism in networks. The system can be also used to make personal user profiles. We use the bag-of-words model to analyse the text data from firewall logs from 63 users collected over a one and half month period. The 500 GB of the network traffic meta-data allowed to achieve satisfactory classification accuracy.
The research presented in this paper was performed within a project number RPLD.01.02.02-10-0108/17, financed by the Regional Operational Programme for Łódzkie Voivodeship 2014–2020.
- 1.Aupy, A., Clarke, N.: User authentication by service utilisation profiling. In: Proceedings of the ISOneWorld 2005, Las Vegas, USA (2005)Google Scholar
- 8.Marszalek, Z., Wozniak, M., Borowik, G., Wazirali, R., Napoli, C., Pappalardo, G., Tramontana, E.: Benchmark tests on improved merge for big data processing. In: 2015 Asia-Pacific Conference on Computer Aided System Engineering, pp. 96–101, July 2015Google Scholar