Faculty Advisor

Shue, Craig A.


The insider threat is one of the most difficult problems in information security. Prior research addresses its detection by using machine learning techniques to profile user behavior. User behavior is represented as low level system events, which do not provide sufficient contextual information about the user's intentions, and lead to high error rates. Our system uses video of a user's sessions as the representation of their behavior, and detects moments during which they perform sensitive tasks. Analysis of the video is accomplished using OCR, scene detection algorithms, and basic text classification. The system outputs the results to a web interface, and our results show that using desktop imagery is a viable alternative to using system calls for insider threat detection.


Worcester Polytechnic Institute

Date Accepted

December 2012


Computer Science

Project Type

Major Qualifying Project



Advisor Department

Computer Science