This work presents a collection of methods that is used to effectively identify users of computers systems based on their
particular usage of the software and the network. Not only are we able to identify individual computer users by their
behavioral patterns, we are also able to detect significant deviations in their typical computer usage over time, or compared
to a group of their peers. For instance, most people have a small, and relatively unique selection of regularly visited
websites, certain email services, daily work hours, and typical preferred applications for mandated tasks. We argue that
these habitual patterns are sufficiently specific to identify fully anonymized network users.
We demonstrate that with only a modest data collection capability, profiles of individual computer users can be constructed
so as to uniquely identify a profiled user from among their peers. As time progresses and habits or circumstances
change, the methods presented update each profile so that changes in user behavior can be reliably detected over both
abrupt and gradual time frames, without losing the ability to identify the profiled user.
The primary benefit of our methodology allows one to efficiently detect deviant behaviors, such as subverted user
accounts, or organizational policy violations. Thanks to the relative robustness, these techniques can be used in scenarios
with very diverse data collection capabilities, and data privacy requirements. In addition to behavioral change detection,
the generated profiles can also be compared against pre-defined examples of known adversarial patterns.