We present a novel approach to detect misuse within an information retrieval system by gathering and maintaining knowledge of the behavior of the user rather than anticipating attacks by unknown assailants. Our approach is based on building and maintaining a profile of the behavior of the system user through tracking, or monitoring, of user activity within the information retrieval system. We propose three different methods to detect misuse in information retrieval systems. Our results favorably demonstrate the validity of our approach.
Rebecca Cathey, Ling Ma, Nazli Goharian, David A.