User identification through command history analysis

Foaad Khosmood, Phillip L. Nico, Jon Woolery
IEEE Computational Intelligence in Cyber Security
Orlando, Florida
December, 2014

As any veteran of the editor wars can attest, Unix users can be fiercely and irrationally attached to the commands they use and the manner in which they use them. In this work, we investigate the problem of identifying users out of a large set of candidates (25-97) through their command-line histories. Using standard algorithms and feature sets inspired by natural language authorship attribution literature, we demonstrate conclusively that individual users can be identified with a high degree of accuracy through their command-line behavior.
