Ensemble Strategy for Insider Threat Detection from User Activity Logs
Authors
Abstract
Similar resources
Using Internet Activity Profiling for Insider-threat Detection
The insider-threat problem continues to be a major risk to both public and private sectors, where those people who have privileged knowledge and access choose to abuse this in some way to cause harm towards their organisation. To combat against this, organisations are beginning to invest heavily in deterrence monitoring tools to observe employees’ activity, such as computer access, Internet bro...
Context-Aware Insider Threat Detection
We are researching ways to detect insider threats in computer usage data crossing multiple modalities – e.g., resources and devices used, network and communication patterns – and where signals of possible threat are highly contextual – e.g., detectable only after inferring user roles, peer groups, collaborators and personal history. The contexts are also dynamic – reflecting a user’s rapid shif...
An Integrated System for Insider Threat Detection
This paper describes a proof-of-concept system for detecting insider threats. The system measures insider behavior by observing a user’s processes and threads, information about user mode and kernel mode time, network interface statistics, etc. The system is built using Microsoft’s Windows Management Instrumentation (WMI) implementation of the Web Based Enterprise Management (WBEM) standards. I...
Insider Threat Detection in PRODIGAL
This paper reports on insider threat detection research, during which a prototype system (PRODIGAL) was developed and operated as a testbed for exploring a range of detection and analysis methods. The data and test environment, system components, and the core method of unsupervised detection of insider threat leads are presented to document this work and benefit others working in the insider th...
An Architecture for Contextual Insider Threat Detection
Recent studies have shown there is a growing concern about the damage possible when trusted organization insiders behave maliciously. In particular, data exfiltration can lead to loss of revenue, damage to an organization’s reputation, and disruption of service for critical infrastructure systems. In this work, we introduce the Contextually Adaptive INsider threat architecture (CAIN), which inc...
Journal
Journal title: Computers, Materials & Continua
Year: 2020
ISSN: 1546-2226
DOI: 10.32604/cmc.2020.09649