Last modified: 10/21/04 10:06:02 AM

P. Seligman, S.W. Smith.
"Detecting Unauthorized Use in Online Journal Archives: A Case Study."
Proceedings of the IADIS International Conference WWW/Internet 2004.
Volume 1. 209--217. October 2004.


JSTOR is a not-for-profit online library containing a full back-run of digitized versions of a large number of academic journals. In order to help defray costs for maintaining the archive, subscribing institutions (such as libraries and universities) pay a fee to enable their users to access it. However, in order to make this access easy for authorized users---and to avoid requiring changes to the current IT infrastructure of their subscribing institutions---JSTOR authenticates users via the IP address of the computer that generated the request. (If the IP address belongs to a subscribing institution, the user is granted access.)

This design decision introduces the potential for trouble: unauthorized users can access the archive if they can find an unprotected proxy machine at a subscribing institution and request material via that machine. (Observant archive staff have noticed abnormal usage patterns and traced them to such unauthorized use.) Unfortunately, this design decision also constrains potential countermeasures: since we cannot change the infrastructures of the subscribers, we instead need to have the archive itself try to detect and respond to incidents of fraudulent use.

In this paper, we describe our experiments to automate these countermeasures.

