Statistical decision making for authentication and intrusion detection
C. Dimitrikakis and A. Mitrokotsa
In: ICMLA 09, 13 - 15 Dec 2009, Miami, FL, USA.
User authentication and intrusion detection differ from standard classification problems in that while we have data generated from legitimate users, impostor or intrusion data is scarce or non-existent. We review existing techniques for dealing with this problem and propose a novel alternative based on a principled statistical decision-making viewpoint. We examine the technique on a toy problem and validate it on complex real-world data from an RFID based access control system. The results indicate that it can significantly outperform the classical world model approach. The method could be more generally useful in other decision-making scenarios where there is a lack of adversary data.