Outlier Detection in Random Subspaces over Data Streams: An Approach for Insider Threat Detection

Authors: Mohamed Medhat Gaber, Diana Haidar

Keywords: Concept drift, Anomaly detection, Insider, Feature (computer vision), Artificial intelligence, Geography, Feature vector, Outlier, Insider threat, Data mining, Machine learning, Data stream mining

Abstract: Insider threat detection is an emergent concern for industries and governments due to the growing number of attacks in recent years. Several Machine Learning (ML) approaches have been developed to detect insider threats; however, they still suffer from a high number of false alarms. None of those approaches addressed the insider threat problem from the perspective of stream mining of data, where a concept drift or an outlier is an indication of an insider threat. An outlier refers to anomalous behaviour that deviates from the normal baseline of the community's behaviour, and is the focus of this paper. To address the shortcoming of existing approaches and realise a novel solution to the insider threat problem, we present the RandSubOut (Random Subspace Outliers) approach for insider threat detection over real-time data streaming. RandSubOut allows the detection of insider threats represented as localised outliers in random feature subspaces, which would not be detected over the whole feature space, due to dimensionality. We evaluated the presented approach as an ensemble of established distance-based outlier detection methods, namely, Micro-cluster-based Continuous Outlier Detection (MCOD) and Anytime OUTlier detection (AnyOut), according to evaluation measures including True Positive (TP) and False Positive (FP).
