Detecting Misuse for Information Retrieval Systems

According to studies by the Computer Security Institute/Federal Bureau of Investigation, insider abuse ranks second among threats, after viruses (i.e., malicious code).

This research detects misuse within an information retrieval system by gathering and maintaining knowledge of the user's behavior rather than anticipating attacks by unknown assailants. The approach builds and maintains a profile of the system user's behavior by tracking, or monitoring, user activity within the information retrieval system. Any new user activity is compared to the user profile to detect potential misuse.
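The profile-and-compare loop described above, as an added sketch that is not code from this research or its papers. The term-frequency profile, the cosine similarity measure, the 0.1 threshold, the cold-start policy and all names (`UserProfile`, `check_activity`, `HISTORY`) are assumptions made for illustration.

```python
import math
import re
from collections import Counter

def tokenize(query):
    """Lowercase a query and split it into alphanumeric terms."""
    return re.findall(r"[a-z0-9]+", query.lower())

class UserProfile:
    """Term-frequency profile of one user's past queries (assumed representation)."""

    def __init__(self, history=()):
        self.terms = Counter()
        for query in history:
            self.update(query)

    def update(self, query):
        self.terms.update(tokenize(query))

    def similarity(self, query):
        """Cosine similarity between the query's terms and the profile, in [0, 1]."""
        q = Counter(tokenize(query))
        dot = sum(count * self.terms[t] for t, count in q.items())
        norm = math.sqrt(sum(c * c for c in q.values())) * math.sqrt(
            sum(c * c for c in self.terms.values()))
        return dot / norm if norm else 0.0

def check_activity(profile, query, threshold=0.1):
    """Compare new activity to the profile; return (flagged, score)."""
    if not profile.terms:
        # Cold start (assumed policy): nothing to compare against, so accept.
        profile.update(query)
        return False, 0.0
    score = profile.similarity(query)
    flagged = score < threshold  # threshold value is an assumption
    if not flagged:
        # Only accepted activity maintains the profile, so flagged
        # queries cannot gradually shift what counts as normal.
        profile.update(query)
    return flagged, score

# Constructed sample history for one user (not data from the research).
HISTORY = [
    "drug interaction warfarin",
    "warfarin dosage guidelines",
    "aspirin drug interaction",
]

if __name__ == "__main__":
    profile = UserProfile(HISTORY)
    for q in ["warfarin aspirin interaction", "employee salary records"]:
        print(q, check_activity(profile, q))
```

A flagged query is only a potential misuse to be reviewed; a legitimate user who changes topic produces the same signal.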

Selected Papers
R. Cathey, L. Ma, N. Goharian, D. Grossman, "Misuse Detection for Information Retrieval Systems", ACM 12th Conference on Information and Knowledge Management (CIKM), November 2003.
L. Ma, N. Goharian, "Query Length Impact on Misuse Detection in Information Retrieval Systems", ACM 20th Symposium on Applied Computing (SAC), March 2005 (to appear).