ABSTRACT
Misuse is the abuse of privileges by an authorized user and is the second most common form of computer crime after viruses. Earlier we proposed a misuse detection approach for information retrieval systems that relied on relevance feedback. The central idea was to build a user profile containing both query and feedback terms from prior queries. Our algorithm matched new activities to existing profiles and assigned a likelihood of misuse to each activity. Only an initial evaluation was provided. We now expand and evaluate our system using both short and long queries, noting the effect of query length on the accuracy of detection. The results indicate an overall precision of 83.9% when short queries are used, and 82.2% for long queries. The rate of undetected misuse is less than 2% for short queries and less than 6% for long queries. Although configurations with higher precision scores result in a lower false alarm rate, they unfortunately increase the rate of undetected misuse for both short and long queries. Given this tradeoff, for any particular application constraint, system behavior can be tuned to minimize either false alarms or undetected misuse.
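The following sketch is an added illustration, not code from the paper: it builds a profile from prior query and feedback terms, scores new queries against it, and shows how the alert threshold trades false alarms against undetected misuse. The scoring function (fraction of query terms never seen in the profile), the function names, and all sample data are assumptions made for this example.

```python
import re

def terms(text):
    """Lowercased word set; a stand-in for real IR tokenization and stemming."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def build_profile(history):
    """history: (query, feedback_terms) pairs from a user's prior sessions."""
    profile = set()
    for query, feedback in history:
        profile |= terms(query) | terms(feedback)
    return profile

def misuse_likelihood(profile, query):
    """Assumed score: fraction of the query's terms absent from the profile."""
    q = terms(query)
    if not q:
        return 0.0  # an empty query carries no evidence either way
    return len(q - profile) / len(q)

def evaluate(profile, labelled_queries, threshold):
    """Return (false_alarms, undetected_misuse) for a given alert threshold."""
    false_alarms = undetected = 0
    for query, is_misuse in labelled_queries:
        flagged = misuse_likelihood(profile, query) >= threshold
        if flagged and not is_misuse:
            false_alarms += 1
        elif not flagged and is_misuse:
            undetected += 1
    return false_alarms, undetected

# Constructed sample data: one analyst's prior activity and labelled new queries.
HISTORY = [
    ("network intrusion detection", "anomaly signature snort sensor"),
    ("firewall rule audit", "policy packet filter log"),
]
LABELLED = [
    ("intrusion detection sensor tuning", False),  # 1 of 4 terms is new
    ("firewall log retention policy", False),      # 1 of 4 terms is new
    ("employee salary records", True),             # 3 of 3 terms are new
    ("network payroll audit log export", True),    # 2 of 5 terms are new
]
PROFILE = build_profile(HISTORY)

if __name__ == "__main__":
    for threshold in (0.2, 0.3, 0.5):
        fa, missed = evaluate(PROFILE, LABELLED, threshold)
        print(f"threshold={threshold}: false alarms={fa}, undetected={missed}")
```

A low threshold flags the two legitimate queries that drift slightly from the profile, while a high one misses the misuse query that reuses mostly in-profile vocabulary.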