Professor Phil Legg Phil.Legg@uwe.ac.uk
Professor in Cyber Security
Visualizing the insider threat: Challenges and tools for identifying malicious user activity
Legg, Philip
Authors
Abstract
One of the greatest challenges for managing organisational cyber security is the threat that comes from those who operate within the organisation. With entitled access and knowledge of organisational processes, insiders who choose to attack have the potential to cause serious impact, such as financial loss, reputational damage, and in severe cases, could even threaten the existence of the organisation. Security analysts therefore require sophisticated tools that allow them to explore and identify user activity that could be in- dicative of an imminent threat to the organisation. In this work, we discuss the challenges associated with identifying insider threat activity, along with the tools that can help to combat this problem. We present a visual analytics approach that incorporates multiple views, including a user selection tool that indicates anomalous behaviour, an interactive Principal Component Analysis (iPCA) tool that aids the analyst to assess the reasoning behind the anomaly detection results, and an activity plot that visualizes user and role activity over time. We demonstrate our approach using the Carnegie Mellon University CERT Insider Threat Dataset to show how the visual analytics workflow supports the Information-Seeking mantra.
Citation
Legg, P. (2015, October). Visualizing the insider threat: Challenges and tools for identifying malicious user activity. Paper presented at IEEE Symposium on Visualization for Cyber Security, Chicago, Illinois, USA
| Presentation Conference Type | Conference Paper (unpublished) |
|---|---|
| Conference Name | IEEE Symposium on Visualization for Cyber Security |
| Conference Location | Chicago, Illinois, USA |
| Start Date | Oct 26, 2015 |
| End Date | Oct 26, 2015 |
| Acceptance Date | Sep 1, 2015 |
| Publication Date | Oct 26, 2015 |
| Publicly Available Date | Jun 5, 2019 |
| Journal | IEEE Symposium on Visualization for Cyber Security |
| Peer Reviewed | Peer Reviewed |
| Keywords | insider threat, behavioural analysis, model visualization |
| Public URL | https://uwe-repository.worktribe.com/output/804397 |
| Publisher URL | http://dx.doi.org/10.1109/VIZSEC.2015.7312772 |
| Related Public URLs | http://www.vizsec.org |
| Additional Information | Title of Conference or Conference Proceedings : IEEE Symposium on Visualization for Cyber Security |
Files
2015-VizSec_preprint.pdf
(4.3 Mb)
PDF
You might also like
Analyst-driven XAI for time series forecasting: Analytics for telecoms maintenance
(2024)
Conference Proceeding
Improving search space analysis of fuzzing mutators using cryptographic structures
(2023)
Conference Proceeding
Longitudinal risk-based security assessment of docker software container images
(2023)
Journal Article
Teaching offensive and defensive cyber security in schools using a Raspberry Pi Cyber Range
(2023)
Journal Article
Downloadable Citations
About UWE Bristol Research Repository
Administrator e-mail: repository@uwe.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search