Arshi Agrawal

Publication Date

Spring 2013

Degree Type

Master's Project


Computer Science


Intrusion detection is the process of identifying any unauthorized access to a sys- tem. This process inspects user behavior to identify any possible attack or intrusion. There exists two type of intrusion detection systems (IDSs): signature-based IDS and anomaly-based IDS. This project concentrates on anomaly-based intrusion detection technique. This technique is based on the deviation of intruder’s actions from the authenticated user’s actions. Much previous research has focused on the deviation of command line input in UNIX systems. However, these techniques fail to detect attacks on modern GUI- based systems, where typical user activities include mouse movements and keystrokes. Our project aims to create a dataset suitable for testing intrusion detection strate- gies on GUI-based operating systems. We have developed an event logging tool to capture GUI-based user data on Windows systems. We have collected a large dataset which we analyze using a intrusion detection strategy based on hidden Markov models (HMM).