Using Sequences of System Events to Identify Users

In my last post on the Active Authentication project I described how to use Microsoft Detours to collect a trace of system calls (also known as system events) for a single process.  At Coveros Labs we leveraged an example program provided with Detours in order to create our own prototype system that validates the identity of a […]

Read more