Detecting Hackers By Monitoring User Commands
from the user-level-anomaly-detection dept
Some researchers are working on new hacker detection software that will work by recording how legitimate users normally use their computers, and then alerting security if something out of the ordinary is happening. Of course, there have been similar attempts to do this sort of thing, though usually based on network traffic rather than user commands. The problem with almost all of these, though, is the number of false positives, which let the real attacks slip through. People don’t always use their computers in the same way, and are going to do something different every once in a while. However, the researchers say they’ve improved the quality this time, so that only about 6% of the security alerts are false positives.