Towards a User and Role-Based Behavior Analysis Method for Insider Threat Detection

Authors: Qiujian Lv, Yan Wang, Leiqi Wang, Dan Wang

DOI: 10.1109/ICNIDC.2018.8525804

Keywords:

Abstract: Organizations are experiencing an ever-growing concern of how to identify and defend against insider threats. Existing methods have distinguished the minority users who show suspicious behavior from majority users. However, these failed apply features reflecting deviation between behaviors those their user groups within similar job roles. This paper focuses on threat detection by conducting both role analysis. It extracts multiple that represent details activities conducted each deviations groups. The malicious then detected using unsupervised algorithm, Isolation Forest Algorithm, which evaluates variance exhibits across attributes, compared other To evaluate performance proposed models comprehensively, we implement a series experiments with data lasting 17 months. We compare method existing state-of-the-art results demonstrate robust method.
