
Profiling User Behavior for Intrusion Detection Using Item Response Modeling

Yun Wang, Nathaniel J. Melby and Inyoung Kim

Journal of Information Privacy and Security, 2007, vol. 3, issue 4, 3-18

Abstract: Item response theory (IRT) is a modern test measurement theory that has been widely used in many research areas over the last decade. This paper presents an IRT modeling approach that fits network traffic to a “test” (normal or abnormal) model and estimates an expected test score of being anomaly-free to profile user behavior. With four anomaly-free associated variables identified from previous studies, the findings demonstrate that there is a remarkable difference in item characteristic curves between the user behavior patterns with anomalies and those that are anomaly-free, and that this difference can be quantitatively measured with the expected test score, ranging from 0 to 100, where a high score is more likely to be associated with an anomaly-free pattern. More specifically, there is a difference of approximately 25 points (SD = 4.0) between a pattern with anomalies and one without. Our study demonstrates the potential feasibility and achievability of applying IRT for modern network security.

Date: 2007

Downloads: (external link)
http://hdl.handle.net/10.1080/15536548.2007.10855825 (text/html)
Access to full text is restricted to subscribers.

Persistent link: https://EconPapers.repec.org/RePEc:taf:uipsxx:v:3:y:2007:i:4:p:3-18

Ordering information: This journal article can be ordered from
http://www.tandfonline.com/pricing/journal/uips20

DOI: 10.1080/15536548.2007.10855825

Journal of Information Privacy and Security is currently edited by Chuleeporn Changchit

Bibliographic data for series maintained by Chris Longhurst.

 
Page updated 2025-03-20
Handle: RePEc:taf:uipsxx:v:3:y:2007:i:4:p:3-18