Detecção de comportamento no sistema catarinense de telemedicina

Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico.Programa de Pós-Graduação em Ciência da ComputaçãoEste trabalho apresenta uma pesquisa de métodos para detecção de comportamento, assim como, descreve o desenvolvimento de um framework para a detecção de comportamento de usuários em sistemas web e seqüência de ações suspeitas que possam indicar um uso incorreto do mesmo ou uma possível falha de segurança. Deste modo buscou-se incrementar a segurança de sistemas web e avaliar a aplicação da técnica probabilística de Mahalanobis nesse contexto. O framework proposto foi desenvolvido utilizando como métrica de similaridade, a distância de Mahalanobis, de forma a validar suplementarmente, possíveis benefícios advindos de métricas estatísticas na comparação de assinaturas de comportamento. Foi executada uma extensa validação tendo como base protótipo do sistema aqui descrito, para funcionamento em conjunto com o portal de Telemedicina do Estado de Santa Catarina, que também serviu de base de coleta de dados para validação. Como resultado obteve-se um framework modular que pode ser facilmente portado para diferentes sistemas web que possuam características similares ao Portal de Telemedicina. Obteve-se, ainda, na utilização da técnica proposta como forma de detecção de comportamento, um baixo índice de detecção de comportamento válido marcado como inválido (Falso Negativo) e também, baixos índices de detecção de comportamento inválido marcadas como válido (Falsos Positivos). This work presents a research about detection of behavior methods, as well as it describes the development of a framework for user behavior detecting in web systems and sequence of actions that may indicate a suspected misuse or a possible security breach. The proposed framework wa developed using dissimilarity metric, the Mahalanobis distance, to supplementary validate, potential benefits derived from statistical metric comparison for behavior signatures. An extensive validation was performed based on the prototype system described here, for operation in conjunction with the Telemedicine portal of the State of Santa Catarina, which also served as the basis for collection of validation data. As results, we have obtained a modular framework that can be easily adapted to different web based systems presenting a given set of features similar to the Telemedicine Portal. The proposed behavior detection technique was able to achieve a low detection rate of valid behavior marked as invalid (False Negatives) and also a low detection rate of invalid behavior marked as valid (False Positives

Factors and Predictors of Online Security and Privacy Behavior

Assumptions and habits regarding computer and Internet use are among the major factors which influence online privacy and security of Internet users. In our study a survey was performed on 312 subjects (college students who are Internet users with IT skills) that investigated how assumptions and habits of Internet users are related to their online security and privacy. The following four factors of online security and privacy related behaviors were revealed in factor analysis: F1 – conscientiousness in the maintenance of the operating system, upgrading of the Internet browser and use of antivirus and antispyware programs; F2 –engagement in risky and careless online activities with lack of concern for personal online privacy; F3 – disbelief that privacy violations and security threats represent possible problems; F4 – lack of fear regarding potential privacy and security threats with no need for change in personal online behavior. Statistically significant correlations were found between some of the discovered factors on the one side, and criteria variables occurrence of malicious code (C1) and data loss on the home computer (C2) on the other. In addition, a regression analysis was performed which revealed that the potentially risky online behaviors of Internet users were associated with the two criteria variables. To properly interpret the results of correlation and regression analyses a conceptual model was developed of the potential causal relationships between the behavior of Internet users and their experiences with online security threats. An additional study was also performed which partly confirmed the conceptual model, as well as the factors of online security and privacy related behaviors