Knowledge about computer users is very beneficial for assisting them, predicting their future actions or detecting masqueraders. In this paper, an approach for creating and recognizing automatically the behavior profile of a user from the commands (s)he types in a command-line interface, is presented.
Specifically, in this research, a computer user behavior is represented as a sequence of UNIX commands. This sequence is transformed into a distribution of relevant subsequences in order to find out a profile that defines its behavior. Then, statistical methods are used for recognizing a user from the commands (s)he types. The experiment results, using 2 different sources of UNIX command data, show that a system based on our approach can efficiently recognize a UNIX user. In addition, a comparison with a HMM-base method is done.
Because a user profile usually changes constantly, we also propose a method to keep up to date the created profiles using an