Insider Threat Detection Through Attributed Graph Clustering

09/01/2018
by Anagi Gamachchi et al.

While most organizations continue to invest in traditional network defences, a formidable security challenge has been brewing within their own boundaries. Malicious insiders with privileged access, acting in the guise of a trusted source, have carried out many attacks that caused far-reaching damage to the financial stability, national security and brand reputation of both public- and private-sector organizations. The growing exposure and impact of the whistleblower community, and concerns about job security under changing organizational dynamics, have further aggravated this situation. The unpredictability of malicious insiders, as well as the complexity of their actions, necessitates careful analysis of the network, system and user parameters correlated with the insider threat problem, which makes isolating suspicious users a high-dimensional, heterogeneous data analysis problem. This work proposes an insider threat detection framework that applies attributed graph clustering techniques together with an outlier ranking mechanism to enterprise users. Empirical results confirm the effectiveness of the method, which achieves a best area under the receiver operating characteristic (ROC) curve of 0.7648.
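The abstract describes the pipeline only at a high level. What follows is an added, stdlib-only Python illustration of that kind of pipeline, not the authors' code or their exact method: it builds an attributed user graph from constructed activity records (users as nodes, edges weighted by the number of hosts two users both touched), combines one structural attribute (weighted degree) with behavioural attributes (distinct hosts, after-hours fraction, removable-media use, event count), clusters the users with plain k-means, ranks them by distance from the centroid of the dominant cluster, and scores the ranking with ROC AUC computed as a rank statistic. The event records, user names, attribute set, 07:00-20:00 office-hours threshold and scoring rule are all assumptions made for this example.

```python
# Added illustration (not the authors' code): attributed user graph ->
# k-means clustering -> outlier ranking -> ROC AUC. All data and rules are constructed.
from collections import defaultdict
from itertools import combinations
import math

# Constructed sample activity records: (user, host, action, hour).
NORMAL_USERS = ["alice", "bob", "carol", "dave", "erin", "frank"]
EVENTS = []
for i, user in enumerate(NORMAL_USERS, 1):
    ws = f"ws{i:02d}"  # each normal user works from one own workstation, in office hours
    EVENTS += [(user, ws, "logon", 9), (user, ws, "file_read", 11),
               (user, "fileserver", "file_read", 14), (user, ws, "logoff", 17)]
# Constructed insider: logs on to colleagues' workstations at night, uses removable media.
EVENTS += [("mallory", "ws07", "logon", 9), ("mallory", "fileserver", "file_read", 13),
           ("mallory", "ws01", "logon", 23), ("mallory", "ws02", "logon", 23),
           ("mallory", "ws03", "logon", 2), ("mallory", "ws03", "usb_connect", 2),
           ("mallory", "fileserver", "file_read", 3), ("mallory", "ws07", "logoff", 4)]
LABELS = {u: 0 for u in NORMAL_USERS}
LABELS["mallory"] = 1  # ground truth, used only to evaluate the ranking

FEATURES = ["strength", "distinct_hosts", "after_hours_frac", "usb", "events"]

def build_attributed_graph(events):
    """Nodes are users; an edge joins two users that touched a common host and is
    weighted by the number of shared hosts. Returns (attributes, edge_weights)."""
    hosts_by_user = defaultdict(set)
    attrs = defaultdict(lambda: {"events": 0, "after_hours": 0, "usb": 0})
    for user, host, action, hour in events:
        hosts_by_user[user].add(host)
        attrs[user]["events"] += 1
        attrs[user]["after_hours"] += hour < 7 or hour >= 20  # assumed office hours 07-20
        attrs[user]["usb"] += action == "usb_connect"
    edges = {}
    for u, v in combinations(sorted(hosts_by_user), 2):
        shared = len(hosts_by_user[u] & hosts_by_user[v])
        if shared:
            edges[(u, v)] = shared
    for user, a in attrs.items():
        a["distinct_hosts"] = len(hosts_by_user[user])
        a["after_hours_frac"] = a.pop("after_hours") / a["events"]
        # Structural attribute: weighted degree (strength) in the user graph.
        a["strength"] = sum(w for (u, v), w in edges.items() if user in (u, v))
    return dict(attrs), edges

def feature_matrix(attrs):
    """Z-score every feature so structural and behavioural attributes are comparable."""
    users = sorted(attrs)
    stats = {}
    for f in FEATURES:
        vals = [attrs[u][f] for u in users]
        mean = sum(vals) / len(vals)
        std = math.sqrt(sum((v - mean) ** 2 for v in vals) / len(vals)) or 1.0
        stats[f] = (mean, std)
    return {u: [(attrs[u][f] - stats[f][0]) / stats[f][1] for f in FEATURES] for u in users}

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def kmeans(X, k=2, iters=50):
    """Plain k-means with deterministic farthest-first seeding."""
    users = sorted(X)
    centroids = [X[users[0]]]
    while len(centroids) < k:
        far = max(users, key=lambda u: min(dist(X[u], c) for c in centroids))
        centroids.append(X[far])
    for _ in range(iters):
        clusters = [[] for _ in range(k)]
        for u in users:
            clusters[min(range(k), key=lambda i: dist(X[u], centroids[i]))].append(u)
        new = [[sum(X[u][d] for u in c) / len(c) for d in range(len(FEATURES))]
               if c else centroids[i] for i, c in enumerate(clusters)]
        if new == centroids:
            break
        centroids = new
    return clusters, centroids

def rank_outliers(events):
    """Outlier score: distance from the centroid of the largest ('normal') cluster."""
    attrs, _edges = build_attributed_graph(events)
    X = feature_matrix(attrs)
    clusters, centroids = kmeans(X)
    normal = centroids[max(range(len(clusters)), key=lambda i: len(clusters[i]))]
    scores = {u: dist(X[u], normal) for u in X}
    return sorted(scores.items(), key=lambda kv: -kv[1]), clusters

def roc_auc(ranking, labels):
    """AUC as the probability that a positive outscores a negative (Mann-Whitney form)."""
    pos = [s for u, s in ranking if labels[u] == 1]
    neg = [s for u, s in ranking if labels[u] == 0]
    wins = sum((p > n) + 0.5 * (p == n) for p in pos for n in neg)
    return wins / (len(pos) * len(neg))

if __name__ == "__main__":
    ranking, _ = rank_outliers(EVENTS)
    print(ranking, "ROC AUC:", roc_auc(ranking, LABELS))
```

On this toy data the constructed insider ranks first and the AUC is 1.0, which says nothing about the 0.7648 reported in the abstract: real enterprise populations have far more varied normal behaviour, and a distance-from-dominant-cluster rule will also flag legitimate but unusual roles (administrators, on-call staff) unless role or department information is added as an attribute. The AUC helper is the same rank statistic one would use to evaluate any such ranking against labelled incidents.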

Related research:

- 09/01/2018  A Graph Based Framework for Malicious Insider Threat Detection. While most security projects have focused on fending off attacks coming ...
- 07/24/2019  Predicting Malicious Insider Threat Scenarios Using Organizational Data and a Heterogeneous Stack-Classifier. Insider threats continue to present a major challenge for the informatio...
- 03/03/2020  SoK: A Survey of Open Source Threat Emulators. Threat emulators are tools or sets of scripts that emulate cyber-attacks...
- 06/02/2010  Métodos para la Selección y el Ajuste de Características en el Problema de la Detección de Spam (Methods for Feature Selection and Tuning in the Spam Detection Problem). Email is used daily by millions of people to communicate around the ...
- 12/09/2022  CopAS: A Big Data Forensic Analytics System. With the advancing digitization of our society, network security has bec...
- 11/23/2022  Unsupervised User-Based Insider Threat Detection Using Bayesian Gaussian Mixture Models. Insider threats are a growing concern for organizations due to the amoun...
- 06/02/2020  Threat Detection and Investigation with System-level Provenance Graphs: A Survey. With the development of information technology, the border of the cybers...
