In this section you will find all documents published by SI6 Labs.
-
"Collection and Publication of a Fixed Text Keystroke Dynamics Dataset", Luciano Bello, Maximiliano Bertacchini, Carlos Benitez, Juan Carlos Pizzoni and Marcelo Cipriano, 2010
Abstract: Keystroke Dynamics is a powerful technique which allows detecting and identifying intruders in computer systems. In order to test keystroke data pattern matching and clustering algorithms, user data collection is a mandatory task. Si6 Labs developed a web application named k-profiler with the purpose of collecting the typing rhythm data of volunteer users. This paper describes the experiment design criteria as well as the format of the collected data which will be used for Si6 projects and will be publicly available.
Complete Document (PDF) -
Slides (PDF-Spanish) -
[BibTeX]
@INPROCEEDINGS{ keystroke-dataset,
author = {Luciano Bello and Maximiliano Bertacchini and Carlos Benitez and Juan Carlos Pizzoni and Marcelo Cipriano},
title = {Collection and Publication of a Fixed Text Keystroke Dynamics Dataset},
booktitle = {CACIC'10},
month = {October},
year = {2010} }
-
"User Clustering Based on Keystroke Dynamics", Carlos E. Benitez, Maximiliano Bertacchini and Pablo I. Fierens, 2010
Abstract: The PAM clustering algorithm is applied on the Si6 keystroke dataset in order to identify sessions of the same users. A number of heuristical outlier filters based on statistical properties of keystroke latencies are proposed and run on the dataset. Different tests are performed varying the number of digraphs that compose each observation and its dimensionality, in order to verify the assumption that more data gives a better quality of clustering and to estimate the minimum required number of dimensions. The number of clusters is estimated through the silhouette algorithm. Resulting clustering accuracy is measured by means of the F-measure, showing the viability of user identification through keystroke analysis.
Complete Document (PDF) -
Slides (PDF-Spanish)
[BibTeX]
@INPROCEEDINGS{ clustering-keystroke-cibsi2010,
author = {Carlos E. Benitez and Maximiliano Bertacchini and Pablo I. Fierens},
title = {User Clustering Based on Keystroke Dynamics},
booktitle = {CACIC'10},
month = {October},
year = {2010} }
-
"Experiments on command dimension reduction in masquerader detection", Carlos E. Benitez and Pablo I. Fierens, 2009
Abstract: We deal with the problem of dimension reduction in masquerader detection through command-line behavior. Although it has been previously suggested that unpopular commands are more relevant for this task, it is shown that there is no conclusive evidence in favor of this hypothesis. Moreover, it is also shown that selection of a fraction of the most popular or frequently used commands leads to a smooth degradation of a masquerader detection algorithm, while the selection of the most unpopular or infrequent commands produces a degradation which is worse than that of simple random selection. Some evidence is provided that the best performance of a masquerader detection algorithm may not necessarily correspond to accounting for all commands in the training data, but for a smaller, adequately chosen fraction of them. We verify this conclusion using two different datasets and two different masquerader detection algorithms. Finally, the empirical evidence provided in this paper suggests that, for many masquerader detection techniques, it may be convenient to work with a small fraction of the most popular or frequently used commands.
Complete Document (PDF)
-
"A Survey on Masquerader Detection Approaches", Maximiliano Bertacchini and Pablo I. Fierens, 2009
Abstract: This paper presents a survey on the area of masquerader detection. The three most popular publicly available UNIX command-line datasets are shown and their features are compared. Several different masquerader detection approaches are reviewed and their results are compared applying the most popular measures of detection effectiveness in this area, introducing the most extensive quantitative comparison of results in the literature. Possible ways for future work in this area are proposed as well.
Complete Document (PDF)
-
"Análisis de las medidas de distancia entre sesiones para la clasificación de intrusos", Sebastián García, 2007 (Spanish only)
Abstract: This paper shows a work in progress about the analysis of distance metrics between sessions from different computer intruders and their classification based on their behaviour. Data from actual intruders, collected by keyloggers at several honeypots during 2005, 2006 and 2007, is used. Intruder behaviour is analyzed related to their actions, their way of using the system and their intentions. This work is intended to identify the best distance metrics between sessions. At first, satisfactory classification can be achieved by the selected distance metrics.
Complete Document (PDF)
-
"NCD Based Masquerader Detection Using Enriched Command Lines", Maximiliano Bertacchini and Carlos E. Benitez, 2007
Abstract: This paper extends a series of experiments performed by Schonlau et al., Maxion and Bertacchini et al. on the detection of computer masqueraders (i.e. illegitimate users trying to impersonate legitimate ones). A compression-based classification algorithm called Normalized Compression Distance or NCD, developed by Vitányi et al., is applied on truncated and enriched command-line data. It is shown that the use of enriched data significantly improves the NCD-based detection performance compared with using truncated data sets. Future work, possible enhancements and directions of further research on this topic are presented as well.
Complete Document (PDF)
-
"Preliminary Results on Masquerader Detection using Compression Based Similarity Metrics", Maximiliano Bertacchini and Pablo I. Fierens, 2006
Abstract: This paper extends a series of experiments performed by Schonlau et al. on the detection of computer masqueraders (i.e. illegitimate users trying to impersonate legitimate ones). A compression-based classification algorithm called Normalized Compression Distance or NCD, developed by Vitányi et al., is applied on the same data set. It is shown that the NCD-based approach performs as well as the methods previously tried by Schonlau et al. Future work, possible enhancements and directions of further research on this topic are presented as well.
Complete Document (PDF)
-
"Reducing MPI communication latency with GAMMA", Maximiliano Bertacchini and Alejandro Benabén, 2006
Abstract: The purpose of this work is to measure the difference between the low-latency MPI/GAMMA and the standard MPICH MPI implementations over Fast Ethernet interconnections for high-performance computing (HPC) clusters. We conclude that MPI/GAMMA outperforms MPICH in both latency and CPU utilization.
Complete Document (PDF)
-
"Installing Squid Proxy with NTLM authentication", Flavio A. Fernández and Georgina Halladjián, 2004 (Spanish only)
Abstract: This paper details the necessary steps to install and configure a free software proxy scheme that allows authentication against an NT Domain. To achieve this, we selected Squid, Samba and Winbind services. By integrating the previously mentioned applications, we can offer controlled access to the Internet using the domain services as the only authentication component.
Complete Document (PDF)