Vortragende(r): Prof. Dr. Raúl Monroy
(Tec de Monterrey, Campus Estado de México)
Nowadays, computers store critical information, prompting the development of mechanisms aimed to timely detect any kind of intrusion. Some of such mechanisms, called masquerade detectors, are often designed to signal an alarm whenever they detect an anomaly in system behaviour. Usually, the profile of ordinary system behaviour is built out of a history of command execution and do not consider realistic masquerade scenarios. In this talk, I will briefly introduce a new masquerade dataset, called Windows-Users and -Intruder simulations Logs (WUIL), which, unlike other datasets, involves more faithful masquerade attempts; further, while building WUIL, we have worked under the hypothesis that the way in which a user navigates her file system structure helps neatly separating a masquerade attack. Thus, departing from standard practice, we argue that it is not a user action, but the object upon which the action is carried out what helps distinguishing user participation. We shall argue that a masquerade detection approach based on file system navigation provides a valuable means for building models for masquerade detection.
Raúl Monroy obtained a PhD in Artificial Intelligence in 1998 from Edinburgh University, under the supervision of Prof. Alan Bundy. He has been in Computing at Tecnológico de Monterrey (ITESM), Campus Estado de México, since 1985. In 2010, he was promoted to Professor in Computer Science. Since 1998, he is a member of the Mexican Research System, currently rank 2. Since 2011, he is a fellow of the Mexican Academy of Sciences. Dr. Monroy's research focuses on the discovery of novel methods for anomaly detection in computer security; the discovery an application of general search control strategies for uncovering and correcting errors in either a system or its specification; and robot motion planning. Dr. Monroy has held several research grants from several funding agencies, including Google (co-holder), CONACYT (holder) –the Mexican research council-, BMBF (co-holder), DAAD, (co-holder), FRIDA (holder) and CONACyT-REDII (co-holder).