Dr Phil Legg Phil.Legg@uwe.ac.uk
Professor in Cyber Security
Oliver Buckley
Michael Goldsmith
Sadie Creese
© 2007-2012 IEEE. Organizations are experiencing an ever-growing concern of how to identify and defend against insider threats. Those who have authorized access to sensitive organizational data are placed in a position of power that could well be abused and could cause significant damage to an organization. This could range from financial theft and intellectual property theft to the destruction of property and business reputation. Traditional intrusion detection systems are neither designed nor capable of identifying those who act maliciously within an organization. In this paper, we describe an automated system that is capable of detecting insider threats within an organization. We define a tree-structure profiling approach that incorporates the details of activities conducted by each user and each job role and then use this to obtain a consistent representation of features that provide a rich description of the user's behavior. Deviation can be assessed based on the amount of variance that each user exhibits across multiple attributes, compared against their peers. We have performed experimentation using ten synthetic data-driven scenarios and found that the system can identify anomalous behavior that may be indicative of a potential threat. We also show how our detection system can be combined with visual analytics tools to support further investigation by an analyst.
Legg, P. A., Buckley, O., Goldsmith, M., & Creese, S. (2017). Automated insider threat detection system using user and role-based profile assessment. IEEE Systems Journal, 11(2), 503-512. https://doi.org/10.1109/JSYST.2015.2438442
Journal Article Type | Article |
---|---|
Acceptance Date | May 23, 2015 |
Online Publication Date | Jun 17, 2015 |
Publication Date | Jun 1, 2017 |
Deposit Date | Jun 23, 2015 |
Publicly Available Date | Feb 23, 2016 |
Journal | IEEE Systems Journal |
Print ISSN | 1932-8184 |
Electronic ISSN | 1937-9234 |
Publisher | Institute of Electrical and Electronics Engineers |
Peer Reviewed | Peer Reviewed |
Volume | 11 |
Issue | 2 |
Pages | 503-512 |
DOI | https://doi.org/10.1109/JSYST.2015.2438442 |
Keywords | insider threat, anomaly detection, cyber security, organizations, electronic mail, computer security, feature extraction, intellectual property, psychology |
Public URL | https://uwe-repository.worktribe.com/output/833645 |
Publisher URL | http://dx.doi.org/10.1109/JSYST.2015.2438442 |
Additional Information | (c) 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works. |