Detection of anomalous insiders in collaborative environments via relational analysis of access logs

Authors: You Chen, Bradley Malin

DOI: 10.1145/1943513.1943524

Abstract: Collaborative information systems (CIS) are deployed within a diverse array of environments, ranging from the Internet to intelligence agencies to healthcare. It is increasingly the case that such systems are applied to manage sensitive information, making them targets for malicious insiders. While sophisticated security mechanisms have been developed to detect insider threats in various file systems, they are neither designed to model nor to monitor collaborative environments in which users function in dynamic teams with complex behavior. In this paper, we introduce a community-based anomaly detection system (CADS), an unsupervised learning framework to detect insider threats based on information recorded in the access logs of collaborative environments. CADS is based on the observation that typical users tend to form community structures, such that users with low affinity to such communities are indicative of anomalous and potentially illicit behavior. The model consists of two primary components: relational pattern extraction and anomaly detection. For relational pattern extraction, CADS infers community structures from CIS access logs, and subsequently derives communities, which serve as the CADS pattern core. CADS then uses a formal statistical model to measure the deviation of users from the inferred communities to predict which users are anomalies. To empirically evaluate the threat detection model, we perform an analysis with six months of access logs from a real electronic health record system in a large medical center, as well as a publicly available dataset for replication purposes. The results illustrate that CADS can distinguish simulated anomalous users in the context of real user behavior with a high degree of certainty and with significant performance gains in comparison to several competing anomaly detection models.
