FöRFATTARE
Johansson, Jonas; Nordström, Peder

INSTITUTION
Industriell ekonomi och samhällsvetenskap / Systemvetenskap

SAMMANFATTNING
An Intrusion Detection System is a technical system that is designed to identify and respond against intrusion attempts towards an IT-system. One of the biggest challenges is the masquerader. A masquerader is an unauthorized user that pretends to be a legitimate user by using the victim’s identity. Attempts have been made to identify the masquerader with different results and accuracies. The aim with this thesis is to study how a different approach to the problem, based on examining sessions as a whole, could affect the accuracy and if it is even possible to detect the masquerader. To our help we have constructed an application that examines sessions and extracts patterns. The patterns are then used to validate the user. The conclusions we could draw from the experiment shows that it is possible to distinguish the masquerader from the legitimate user by using a session based approach.

ISSN 1402-1552 / ISRN LTU-DUPP--09/043--SE / NR 2009:043