User Behavioral Modeling of Web-based Systems for Continuous User Authentication

Authentication plays an important role in how we interact with computers, mobile devices, the web, etc. The idea of authentication is to uniquely identify a user before granting access to system privileges. For example, in recent years more corporate information and applications have been accessible via the Internet and Intranet. Many employees are working from remote locations and need access to secure corporate files. During this time, it is possible for malicious or unauthorized users to gain access to the system. For this reason, it is logical to have some mechanism in place to detect whether the logged-in user is the same user in control of the user's session. Therefore, highly secure authentication methods must be used. We posit that each of us is unique in our use of computer systems. It is this uniqueness that is leveraged to "continuously authenticate users" while they use web software. To monitor user behavior, n-gram models are used to capture user interactions with web-based software. This statistical language model essentially captures sequences and sub-sequences of user actions, their orderings, and temporal relationships that make them unique by providing a model of how each user typically behaves. Users are then continuously monitored during software operations. Large deviations from "normal behavior" can possibly indicate malicious or unintended behavior. This approach is implemented in a system called Intruder Detector (ID) that models user actions as embodied in web logs generated in response to a user's actions. User identification through web logs is cost-effective and non-intrusive. We perform experiments on a large fielded system with web logs of approximately 4000 users. For these experiments, we use two classification techniques; binary and multi-class classification. We evaluate model-specific differences of user behavior based on coarse-grain (i.e., role) and fine-grain (i.e., individual) analysis. A specific set of metrics are used to provide valuable insight into how each model performs. Intruder Detector achieves accurate results when identifying legitimate users and user types. This tool is also able to detect outliers in role-based user behavior with optimal performance. In addition to web applications, this continuous monitoring technique can be used with other user-based systems such as mobile devices and the analysis of network traffic.

THE STOCHASTIC NAVIER STOKES EQUATIONS FOR HEAT CONDUCTING, COMPRESSIBLE FLUIDS

This dissertation is devoted to the equations of motion governing the evolution of a fluid or gas at the macroscopic scale. The classical model is a PDE description known as the Navier-Stokes equations. The behavior of solutions is notoriously complex, leading many in the scientific community to describe fluid mechanics using a statistical language. In the physics literature, this is often done in an ad-hoc manner with limited precision about the sense in which the randomness enters the evolution equation. The stochastic PDE community has begun proposing precise models, where a random perturbation appears explicitly in the evolution equation. Although this has been an active area of study in recent years, the existing literature is almost entirely devoted to incompressible fluids. The purpose of this thesis is to take a step forward in addressing this statistical perspective in the setting of compressible fluids. In particular, we study the well posedness for the corresponding system of Stochastic Navier Stokes equations, satisfied by the density, velocity, and temperature. The evolution of the momentum involves a random forcing which is Brownian in time and colored in space. We allow for multiplicative noise, meaning that spatial correlations may depend locally on the fluid variables. Our main result is a proof of global existence of weak martingale solutions to the Cauchy problem set within a bounded domain, emanating from large initial datum. The proof involves a mix of deterministic and stochastic analysis tools. Fundamentally, the approach is based on weak compactness techniques from the deterministic theory combined with martingale methods. Four layers of approximate stochastic PDE's are built and analyzed. A careful study of the probability laws of our approximating sequences is required. We prove appropriate tightness results and appeal to a recent generalization of the Skorohod theorem. This ultimately allows us to deduce analogues of the weak compactness tools of Lions and Feireisl, appropriately interpreted in the stochastic setting.