User Behavioral Modeling of Web-based Systems for Continuous User Authentication

Authentication plays an important role in how we interact with computers, mobile devices, the web, etc. The idea of authentication is to uniquely identify a user before granting access to system privileges. For example, in recent years more corporate information and applications have been accessible via the Internet and Intranet. Many employees are working from remote locations and need access to secure corporate files. During this time, it is possible for malicious or unauthorized users to gain access to the system. For this reason, it is logical to have some mechanism in place to detect whether the logged-in user is the same user in control of the user's session. Therefore, highly secure authentication methods must be used. We posit that each of us is unique in our use of computer systems. It is this uniqueness that is leveraged to "continuously authenticate users" while they use web software. To monitor user behavior, n-gram models are used to capture user interactions with web-based software. This statistical language model essentially captures sequences and sub-sequences of user actions, their orderings, and temporal relationships that make them unique by providing a model of how each user typically behaves. Users are then continuously monitored during software operations. Large deviations from "normal behavior" can possibly indicate malicious or unintended behavior. This approach is implemented in a system called Intruder Detector (ID) that models user actions as embodied in web logs generated in response to a user's actions. User identification through web logs is cost-effective and non-intrusive. We perform experiments on a large fielded system with web logs of approximately 4000 users. For these experiments, we use two classification techniques; binary and multi-class classification. We evaluate model-specific differences of user behavior based on coarse-grain (i.e., role) and fine-grain (i.e., individual) analysis. A specific set of metrics are used to provide valuable insight into how each model performs. Intruder Detector achieves accurate results when identifying legitimate users and user types. This tool is also able to detect outliers in role-based user behavior with optimal performance. In addition to web applications, this continuous monitoring technique can be used with other user-based systems such as mobile devices and the analysis of network traffic.

Coarse Graining to Invesitigate Peptide-Lipid Interactions

Experimental characterization of molecular details is challenging, and although single molecule experiments have gained prominence, oligomer characterization remains largely unexplored. The ability to monitor the time evolution of individual molecules while they self assemble is essential in providing mechanistic insights about biological events. Molecular dynamics (MD) simulations can fill the gap in knowledge between single molecule experiments and ensemble studies like NMR, and are increasingly used to gain a better understanding of microscopic properties. Coarse-grained (CG) models aid in both exploring longer length and time scale molecular phenomena, and narrowing down the key interactions responsible for significant system characteristics. Over the past decade, CG techniques have made a significant impact in understanding physicochemical processes. However, the realm of peptide-lipid interfacial interactions, primarily binding, partitioning and folding of amphipathic peptides, remains largely unexplored compared to peptide folding in solution. The main drawback of existing CG models is the inability to capture environmentally sensitive changes in dipolar interactions, which are indigenous to protein folding, and lipid dynamics. We have used the Drude oscillator approach to incorporate structural polarization and dipolar interactions in CG beads to develop a minimalistic peptide model, WEPPROM (Water Explicit Polarizable PROtein Model), and a lipid model WEPMEM (Water Explicit Polarizable MEmbrane Model). The addition of backbone dipolar interactions in a CG model for peptides enabled us to achieve alpha-beta secondary structure content de novo, without any added bias. As a prelude to studying amphipathic peptide-lipid membrane interactions, the balance between hydrophobicity and backbone dipolar interactions in driving ordered peptide aggregation in water and at a hydrophobic-hydrophilic interface, was explored. We found that backbone dipole interactions play a crucial role in driving ordered peptide aggregation, both in water and at hydrophobic-hydrophilic interfaces; while hydrophobicity is more relevant for aggregation in water. A zwitterionic (POPC: 1-palmitoyl-2-oleoyl-sn-glycero-3-phosphocholine) and an anionic lipid (POPS: 1-palmitoyl-2-oleoyl-sn-glycero-3-phospho-L-serine) are used as model lipids for WEPMEM. The addition of head group dipolar interactions in lipids significantly improved structural, dynamic and dielectric properties of the model bilayer. Using WEPMEM and WEPPROM, we studied membrane-induced peptide folding of a cationic antimicrobial peptide with anticancer activity, SVS-1. We found that membrane-induced peptide folding is driven by both (a) cooperativity in peptide self interaction and (b) cooperativity in membrane-peptide interactions. The dipolar interactions between the peptide and the lipid head-groups contribute to stabilizing folded conformations. The role of monovalent ion size and peptide concentration in driving lipid domain formation in anionic/zwitterionic lipid mixtures was also investigated. Our study suggest monovalent ion size to be a crucial determinant of interaction with lipid head groups, and hence domain formation in lipid mixtures. This study reinforces the role of dipole interactions in protein folding, lipid membrane properties, membrane induced peptide folding and lipid domain formation. Therefore, the models developed in this thesis can be used to explore a multitude of biomolecular processes, both at longer time-scales and larger system sizes.