Detection of behavioural baseline deviation in endpoint usage through mouse dynamics analysis
2025, vol. 17, no. 3, pp. 95-106
Article [2025-03-09]
This paper introduces a two-stage framework for detecting deviations in user behaviour on endpoints via mouse-movement analysis. In the training phase, raw cursor telemetry is converted into minute-level heatmaps, reduced in dimensionality and subjected to a systematic evaluation of non-parametric clustering algorithms to extract representative core samples of distinct operational states. In the detection phase, multiple comparison engines—including distance-thresholding, margin-based novelty detection and ensemble isolation—were rigorously benchmarked against synthetic heatmap sequences with known anomaly labels. A single clustering engine and a single comparison method, chosen for their superior trade-off between sensitivity and precision, were integrated into the final pipeline. This methodology delivers robust, interpretable, real-time identification of behavioural baseline deviations, thereby enhancing endpoint security through user-centric anomaly detection.
endpoint security, anomaly detection, user behaviour, baseline deviation, mouse dynamics
https://doi.org/10.59035/AIFB7822
Kamran N. Asgarov. Detection of behavioural baseline deviation in endpoint usage through mouse dynamics analysis. International Journal on Information Technologies and Security, vol. 17, no. 3, 2025, pp. 95-106. https://doi.org/10.59035/AIFB7822
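The detection stage outlined in the abstract, minute-level heatmaps compared against baseline core samples by distance-thresholding, can be sketched as follows; this is an added example, not the paper's code. The grid size, screen size, Euclidean metric, threshold calibration rule and all telemetry are assumptions constructed for illustration, dimensionality reduction is omitted, and the baseline heatmaps are used directly as core samples in place of the clustering step.

```python
import math
from collections import defaultdict

GRID = 4               # assumed heatmap resolution (GRID x GRID cells)
SCREEN = (1920, 1080)  # assumed screen size in pixels

def minute_heatmaps(events):
    """Bin (t_seconds, x, y) samples into one L1-normalised heatmap per minute."""
    counts = defaultdict(lambda: [0] * (GRID * GRID))
    for t, x, y in events:
        col = min(max(int(x * GRID / SCREEN[0]), 0), GRID - 1)
        row = min(max(int(y * GRID / SCREEN[1]), 0), GRID - 1)
        counts[int(t // 60)][row * GRID + col] += 1
    return {m: [c / sum(v) for c in v] for m, v in sorted(counts.items())}

def nearest_core_distance(vec, cores):
    """Euclidean distance from a heatmap to its closest baseline core sample."""
    return min(math.dist(vec, c) for c in cores)

def calibrate_threshold(cores, slack=1.5):
    """Assumed rule: slack x the largest leave-one-out nearest-core distance."""
    return slack * max(nearest_core_distance(c, cores[:i] + cores[i + 1:])
                       for i, c in enumerate(cores))

def detect(events, cores, threshold):
    """Minutes whose heatmap is farther than threshold from every core sample."""
    return [m for m, v in minute_heatmaps(events).items()
            if nearest_core_distance(v, cores) > threshold]

def synthetic_minute(minute, dwell):
    """Constructed telemetry at 1 Hz; dwell = [((x, y), seconds), ...], 60 s total."""
    pts = [p for p, secs in dwell for _ in range(secs)]
    return [(minute * 60 + s, x, y) for s, (x, y) in enumerate(pts)]

A, B, C = (400, 300), (1300, 300), (1800, 1000)  # constructed screen regions

# Constructed baseline: the user splits each minute between regions A and B.
baseline = [e for m, k in enumerate([30, 34, 38, 42, 46])
            for e in synthetic_minute(m, [(A, k), (B, 60 - k)])]
CORES = list(minute_heatmaps(baseline).values())  # stand-in for clustering output
THRESHOLD = calibrate_threshold(CORES)

# Constructed stream: minutes 10-11 fit the baseline, 12 and 13 deviate.
stream = (synthetic_minute(10, [(A, 40), (B, 20)])
          + synthetic_minute(11, [(A, 32), (B, 28)])
          + synthetic_minute(12, [(A, 10), (C, 50)])   # unseen screen region
          + synthetic_minute(13, [(A, 5), (B, 55)]))   # known regions, new mix
ALERTS = detect(stream, CORES, THRESHOLD)
print(ALERTS)  # -> [12, 13]
```

Minute 13 stays inside the two known regions and is still flagged, because the heatmap encodes how time is distributed across cells, not only which cells are visited.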