Unsupervised Methods for Detecting a Malicious Insider
Author
Abstract
One way a malicious insider can attack a network is by masquerading as a different user. Various algorithms have been proposed in an effort to detect when a user masquerade attack has occurred. In this paper, two unsupervised algorithms are proposed with the goal of detecting user masquerade attacks. The effectiveness of these two unsupervised algorithms is then compared against that of supervised algorithms.
Similar resources
Insider Threat Detection in PRODIGAL
This paper reports on insider threat detection research, during which a prototype system (PRODIGAL) was developed and operated as a testbed for exploring a range of detection and analysis methods. The data and test environment, system components, and the core method of unsupervised detection of insider threat leads are presented to document this work and benefit others working in the insider th...
Insider threats: Detecting and controlling malicious insiders
Malicious insiders are posing unique security challenges to organizations due to their knowledge, capabilities, and authorized access to information systems. Data theft and IT sabotage are two of the most recurring themes among crimes committed by malicious insiders. This paper aims to investigate the scale and scope of malicious insider risks and explore the impact of such threats on business ...
Inside the Mind of the Insider: Towards Insider Threat Detection Using Psychophysiological Signals
Insider threat is a great challenge for most organizations in today’s digital world. It has received substantial research attention as a significant source of information security threat that could cause more financial losses and damages than any other threat. However, designing an effective monitoring and detection framework is a very challenging task. In this paper, we examine the use of hum...
Evolving Insider Threat Detection: Stream Mining Perspective
Evidence of malicious insider activity is often buried within large data streams, such as system logs accumulated over months or years. Ensemble-based stream mining leverages multiple classification models to achieve highly accurate anomaly detection in such streams, even when the stream is unbounded, evolving, and unlabeled. This makes the approach effective for identifying insider threats who...
An Ontology for Insider Threat Indicators: Development and Application
We describe our ongoing development of an insider threat indicator ontology. Our ontology is intended to serve as a standardized expression method for potential indicators of malicious insider activity, as well as a formalization of much of our team’s research on insider threat detection, prevention, and mitigation. This ontology bridges the gap between natural language descriptions of ...