Image-Based Insider Threat Detection via Geometric Transformation

2021, Vol 2021, pp. 1-18
Author(s): Dongyang Li, Lin Yang, Hongguang Zhang, Xiaolei Wang, Linru Ma, ...

Insider threat detection has been a challenging task for decades; existing approaches generally employ traditional generative unsupervised learning methods to produce a model of normal user behavior and detect significant deviations as anomalies. However, such approaches are insufficient in precision and computational complexity. In this paper, we propose a novel insider threat detection method, Image-based Insider Threat Detector via Geometric Transformation (IGT), which converts unsupervised anomaly detection into a supervised image classification task, so that performance can be boosted via computer vision techniques. To illustrate, IGT uses a novel image-based feature representation of user behavior by transforming audit logs into grayscale images. By applying multiple geometric transformations to these behavior grayscale images, IGT constructs a self-labelled dataset and then trains a behavior classifier to detect anomalies in a self-supervised manner. The motivation behind our proposed method is that images converted from normal behavior data may contain unique latent features which remain unchanged after geometric transformation, while malicious ones cannot. Experimental results on the CERT dataset show that IGT outperforms the classical autoencoder-based unsupervised insider threat detection approaches, and improves the instance-based and user-based Area Under the Receiver Operating Characteristic Curve (AUROC) by 4% and 2%, respectively.

2014, Vol 568-570, pp. 1370-1375
Author(s): Heng Qin, Jin Hui Zhao

Insiders, who hold lawful authority in a network information system, pose a huge threat to security through abuse and misuse of that authority. This has become one of the huge challenges to the security of information systems. Because insider threats are more subtle and more difficult to find, this paper studies how to perceive the trusted behavior of insiders with behavior-based attestation. Taking into account the impact of various uncertainties in the monitoring and perception process, a dynamic awareness model of insider threat is presented based on subjective logic. To find insider threats, monitoring data of actual behaviors are compared with an operation tree; the legality of user behavior is dynamically analyzed according to historical experience and current experience; and the trust in the legitimacy of user behavior is represented as a trust point in subjective logic. Finally, experiments are employed to test the validity and applicability of the proposed method.


2017, Vol 43 (4), pp. 276-287
Author(s): Haedong Kim, Junhong Kim, Minsik Park, Suhyoun Cho, Pilsung Kang

2019, Vol 9 (19), pp. 4018
Author(s): Kim, Park, Kim, Cho, Kang

Insider threats are malicious activities by authorized users, such as theft of intellectual property or security information, fraud, and sabotage. Although the number of insider threats is much lower than external network attacks, insider threats can cause extensive damage. As insiders are very familiar with an organization’s system, it is very difficult to detect their malicious behavior. Traditional insider-threat detection methods focus on rule-based approaches built by domain experts, but they are neither flexible nor robust. In this paper, we propose insider-threat detection methods based on user behavior modeling and anomaly detection algorithms. Based on user log data, we constructed three types of datasets: user’s daily activity summary, e-mail contents topic distribution, and user’s weekly e-mail communication history. Then, we applied four anomaly detection algorithms and their combinations to detect malicious activities. Experimental results indicate that the proposed framework can work well for imbalanced datasets in which there are only a few insider threats and where no domain experts’ knowledge is provided.

