User profiling in theMisuse Detection Project

User profiling

We profile users to detect masquerading. We are profiling users by monitoring data from three separate sources.

Unix process accounting logs -- Steven Templeton
NT 4.0 audit logs -- Scott Miller
Solaris BSM audit logs -- Christopher Wee
labelled NT 4.0 logs of normal use (i.e., not misuse) -- Tanya Glenn, Jennifer Keller, Jim Hoagland, Christopher Wee
Normal Use NT 4.0 audit logs -- Christopher Wee, Lynn Nakamura