Masquerade Detection Using GUI Events in

Abstract— Masquerade attack in computer systems refers to the illegitimate user activities while pretending to be legitimate user. Detection of such attacks is done by discovering significant changes in user’s behavior based on his profile. Profile is built by data produced from mouse, keyboard and other devices. In this paper we propose a practical approach for collecting GUI data and deriving useful parameters included both mouse and keyboard events from Windows OS. We model user identification and masquerade detection as a binary classification problem. Profiling and user classification is accomplished by use of Support Vector Machine (SVM) algorithm. Feature vectors are fed to SVM. The output is behavioral pattern which builds the profile. System is trained by normal behavior and detects deviations from profile. According to the results of implementation the proposed approach ensure detection rate up to 94% with few false alarm.