Insider Threat Detection with Behavior-Based Attestation

2014 ◽  
Vol 568-570 ◽  
pp. 1370-1375
Author(s):  
Heng Qin ◽  
Jin Hui Zhao

Insiders, who hold lawful authority in a network information system, pose a huge threat to security through abuse and misuse of that authority; this has become one of the major challenges to information system security. Given that insider threats are more subtle and more difficult to find, this paper studies how to perceive the trusted behavior of insiders with behavior-based attestation. Taking into account the impact of various uncertainties in the monitoring and perception process, a dynamic awareness model of insider threat is presented based on subjective logic. In order to find insider threats, monitoring data of actual behaviors are compared with an operation tree; the legality of user behavior is dynamically analyzed according to historical experience and current experience; and the trust in the legitimacy of user behavior is represented as a trust point in subjective logic. Finally, experiments are employed to test the validity and applicability of the proposed method.

2020 ◽  
Vol 10 (2) ◽  
pp. 1-26
Author(s):  
Naghmeh Moradpoor Sheykhkanloo ◽  
Adam Hall

An insider threat can take on many forms and fall under different categories. This includes malicious insider, careless/unaware/uneducated/naïve employee, and the third-party contractor. Machine learning techniques have been studied in published literature as a promising solution for such threats. However, they can be biased and/or inaccurate when the associated dataset is hugely imbalanced. Therefore, this article addresses the insider threat detection on an extremely imbalanced dataset which includes employing a popular balancing technique known as spread subsample. The results show that although balancing the dataset using this technique did not improve performance metrics, it did improve the time taken to build the model and the time taken to test the model. Additionally, the authors realised that running the chosen classifiers with parameters other than the default ones has an impact on both balanced and imbalanced scenarios, but the impact is significantly stronger when using the imbalanced dataset.


Author(s):  
Adib Fakhri Muhtadi ◽  
Ahmad Almaarif

Malware is software or a computer program that is used to carry out malicious activity. Malware is made with the aim of harming the user's device, because it can change the user's data and use up bandwidth and other resources without the user's permission. Some research has been done before to identify types of malware and their effects, but previous research only focused on grouping the types of malware that attack via network traffic. This research analyzes the impact of malware on network traffic using behavior-based detection techniques. This technique analyzes malware by running malware samples in an environment and monitoring the activities caused by the samples. To obtain accurate results, the analysis is carried out by retrieving API call network information and network traffic activities. From the analysis of the malware API call network, information is generated about the order of the API call network used by the malware. From the network traffic, malware activities are obtained by analyzing the behavior of the malware's network traffic, its payload, and the throughput of infected traffic. Furthermore, the results of the API call network sequence used by the malware and the results of the network traffic analysis are analyzed together so that the impact of the malware on network traffic can be determined.


Author(s):  
Adib Fakhri Muhtadi ◽  
Ahmad Almaarif

Malware is software or a computer program that is used to carry out malicious activity. Malware is made with the aim of harming users, because it can change users' data and use up bandwidth and other resources without the user's permission. Some research has been done before to identify types of malware and their effects, but previous research only focused on grouping the types of malware that attack via network traffic. This research analyzes the impact of malware on network traffic using behavior-based detection techniques. This technique analyzes malware by running malware samples in an environment and monitoring the activities caused by the samples. To obtain accurate results, the analysis is carried out by retrieving API call network information and network traffic activities. From the analysis of the malware API call network, information is generated about the order of the API call network used by the malware. Then, from the network traffic, malware activities are obtained by analyzing the behavior of the malware's network traffic, its payload, and the bandwidth of infected traffic. Furthermore, the results of the API call network sequence used by the malware and the results of the network traffic analysis are analyzed together so that the impact of the malware on network traffic can be determined.


2017 ◽  
Vol 43 (4) ◽  
pp. 276-287 ◽  
Author(s):  
Haedong Kim ◽  
Junhong Kim ◽  
Minsik Park ◽  
Suhyoun Cho ◽  
Pilsung Kang

2019 ◽  
Vol 9 (19) ◽  
pp. 4018 ◽  
Author(s):  
Kim ◽  
Park ◽  
Kim ◽  
Cho ◽  
Kang

Insider threats are malicious activities by authorized users, such as theft of intellectual property or security information, fraud, and sabotage. Although the number of insider threats is much lower than external network attacks, insider threats can cause extensive damage. As insiders are very familiar with an organization’s system, it is very difficult to detect their malicious behavior. Traditional insider-threat detection methods focus on rule-based approaches built by domain experts, but they are neither flexible nor robust. In this paper, we propose insider-threat detection methods based on user behavior modeling and anomaly detection algorithms. Based on user log data, we constructed three types of datasets: user’s daily activity summary, e-mail contents topic distribution, and user’s weekly e-mail communication history. Then, we applied four anomaly detection algorithms and their combinations to detect malicious activities. Experimental results indicate that the proposed framework can work well for imbalanced datasets in which there are only a few insider threats and where no domain experts’ knowledge is provided.


2021 ◽  
Vol 317 ◽  
pp. 05026
Author(s):  
Sali Alas M ◽  
Purwanto ◽  
Farikhin

The characteristics and behaviour of information system users have a big influence on the successful implementation of information systems. Many studies have revealed the effects of user behaviour related to technology and information systems. The majority of the research conducted deals with the impact of culture on user behaviour after the implementation of information systems. Very few journals discuss how the characteristics and factors of user behaviour are used as inputs that affect the information system development process. This research conducts a literature review regarding the dominant factors in user behaviour and examines their impact on the development of information systems. The results of the study take the form of a synthesis that shows the opportunity to include these user behaviour factors as components of the information system requirements.
