User Behavioral Modeling of Web-based Systems for Continuous User Authentication

Authentication plays an important role in how we interact with computers, mobile devices, the web, etc. The idea of authentication is to uniquely identify a user before granting access to system privileges. For example, in recent years more corporate information and applications have been accessible via the Internet and Intranet. Many employees are working from remote locations and need access to secure corporate files. During this time, it is possible for malicious or unauthorized users to gain access to the system. For this reason, it is logical to have some mechanism in place to detect whether the logged-in user is the same user in control of the user's session. Therefore, highly secure authentication methods must be used. We posit that each of us is unique in our use of computer systems. It is this uniqueness that is leveraged to "continuously authenticate users" while they use web software. To monitor user behavior, n-gram models are used to capture user interactions with web-based software. This statistical language model essentially captures sequences and sub-sequences of user actions, their orderings, and temporal relationships that make them unique by providing a model of how each user typically behaves. Users are then continuously monitored during software operations. Large deviations from "normal behavior" can possibly indicate malicious or unintended behavior. This approach is implemented in a system called Intruder Detector (ID) that models user actions as embodied in web logs generated in response to a user's actions. User identification through web logs is cost-effective and non-intrusive. We perform experiments on a large fielded system with web logs of approximately 4000 users. For these experiments, we use two classification techniques; binary and multi-class classification. We evaluate model-specific differences of user behavior based on coarse-grain (i.e., role) and fine-grain (i.e., individual) analysis. A specific set of metrics are used to provide valuable insight into how each model performs. Intruder Detector achieves accurate results when identifying legitimate users and user types. This tool is also able to detect outliers in role-based user behavior with optimal performance. In addition to web applications, this continuous monitoring technique can be used with other user-based systems such as mobile devices and the analysis of network traffic.

Leader Based Cyclic Pursuit

In this work a system of autonomous agents engaged in cyclic pursuit (under constant bearing (CB) strategy) is considered, for which one informed agent (the leader) also senses and responds to a stationary beacon. Building on the framework proposed in a previous work on beacon-referenced cyclic pursuit, necessary and suffi- cient conditions for the existence of circling equilibria in a system with one informed agent are derived, with discussion of stability and performance. In a physical testbed, the leader (robot) is equipped with a sound sensing apparatus composed of a real time embedded system, estimating direction of arrival of sound by an Interaural Level and Phase Difference Algorithm, using empirically determined phase and level signatures, and breaking front-back ambiguity with appropriate sensor placement. Furthermore a simple framework for implementing and evaluating the performance of control laws with the Robot Operating System (ROS) is proposed, demonstrated, and discussed.

Who Governs Educational Change? The Paradoxes of State Power and the Pursuit of Educational Reform in Post-Neoliberal Ecuador (2007-2015)

This study identifies and compares competing policy stories of key actors involved in the Ecuadorian education reform under President Rafael Correa from 2007-2015. By revealing these competing policy stories the study generates insights into the political and technical aspects of education reform in a context where state capacity has been eroded by decades of neoliberal policies. Since the elections in 2007, President Correa has focused much of his political effort and capital on reconstituting the state’s authority and capacity to not only formulate but also implement public policies. The concentration of power combined with a capacity building agenda allowed the Correa government to advance an ambitious comprehensive education reform with substantive results in equity and quality. At the same time the concentration of power has undermined a more inclusive and participatory approach which are essential for deepening and sustaining the reform. This study underscores both the limits and importance of state control over education; the inevitable conflicts and complexities associated with education reforms that focus on quality; and the limits and importance of participation in reform. Finally, it examines the analytical benefits of understanding governance, participation and quality as socially constructed concepts that are tied to normative and ideological interests.