I regularly read Bruce Schneier’s blog. Last week, he blogged about behavioral profiling.
One of the key methods of detecting fraud is anomaly checks. I think this can be done statistically by reviewing history about a user and determining how likely it is that they will perform any particular set of actions. I am thinking about writing a security pattern on how to do this in a general fashion – i.e. determine “usual behavior” by what they’ve done before and see if the new input matches known past behavior within confidence levels.
For example, if a user always uses Firefox to access a web app, and they are located in Australia, and generally do less than a couple of hundred dollars per session, is it right to flag behavior which comes from an agentless connection from Brazil right up to the daily maximum? But this might match a Brazilian user’s normal behavior. A behavioral profiling security pattern might sort things out or at least provide a clue as to unusual behavior, and would benefit many applications if it was easily available and implementable.
However, my statistics is not as it once was. Dear readers – are any of you half decent with statistics? If so, feel free to suggest a suitable method of determining what is significant (or likely) and based upon a set of general inputs. Even links to a decent maths / stats site so I can brush up. I own an HP 48G+ ubercalculator if that helps, and a spare 49G which I keep at work (in RPN mode, natch!) in case I need to think deep thoughts.
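One way to score the Firefox/Australia versus agentless/Brazil scenario above against each user's own history, as an added example that is not the author's code. The feature names, the thresholds, the sample histories and the figure of 5000 standing in for the daily maximum are all assumptions made for illustration.

```python
import math
from collections import Counter
from statistics import mean, stdev

CATEGORICAL = ("browser", "country")  # assumed feature names

class Profile:
    """Baseline built only from one user's own past sessions."""
    def __init__(self, history):
        self.n = len(history)
        self.counts = {f: Counter(s[f] for s in history) for f in CATEGORICAL}
        logs = [math.log1p(s["amount"]) for s in history]
        self.mu = mean(logs)
        # Floor the spread so a very regular user does not make tiny changes look extreme.
        self.sigma = max(stdev(logs), 0.25) if self.n > 1 else 0.25

    def surprise(self, feature, value):
        """-log2 P(value) in bits; add-one smoothing reserves mass for unseen values."""
        seen = self.counts[feature]
        return -math.log2((seen[value] + 1) / (self.n + len(seen) + 1))

    def score(self, session):
        bits = {f: self.surprise(f, session[f]) for f in CATEGORICAL}
        z = (math.log1p(session["amount"]) - self.mu) / self.sigma
        return bits, z

def is_anomalous(profile, session, max_bits=3.0, max_z=3.0):
    # Thresholds are assumptions; with little history an unseen value stays under
    # max_bits, so a new user is not flagged on thin evidence.
    bits, z = profile.score(session)
    return any(b > max_bits for b in bits.values()) or z > max_z

def sessions(browser, country, amounts, repeat=5):
    return [{"browser": browser, "country": country, "amount": a}
            for a in amounts * repeat]

# Constructed histories: 20 sessions each. 5000 stands in for the daily maximum.
AU_USER = Profile(sessions("Firefox", "AU", [40, 120, 80, 180]))
BR_USER = Profile(sessions("none", "BR", [4800, 5000, 4900, 5000]))
PROBE = {"browser": "none", "country": "BR", "amount": 5000}  # agentless, Brazil, max

if __name__ == "__main__":
    for name, prof in (("AU user", AU_USER), ("BR user", BR_USER)):
        print(name, prof.score(PROBE), is_anomalous(prof, PROBE))
```

The same probe session is flagged for the Australian profile and passes for the Brazilian one, because each is compared only with that user's own past sessions.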