Professor Phil Legg Phil.Legg@uwe.ac.uk
Professor in Cyber Security
Automated insider threat detection system using user and role-based profile assessment
Legg, Philip A.; Buckley, Oliver; Goldsmith, Michael; Creese, Sadie
Authors
Oliver Buckley
Michael Goldsmith
Sadie Creese
Abstract
© 2007-2012 IEEE. Organizations are experiencing an ever-growing concern of how to identify and defend against insider threats. Those who have authorized access to sensitive organizational data are placed in a position of power that could well be abused and could cause significant damage to an organization. This could range from financial theft and intellectual property theft to the destruction of property and business reputation. Traditional intrusion detection systems are neither designed nor capable of identifying those who act maliciously within an organization. In this paper, we describe an automated system that is capable of detecting insider threats within an organization. We define a tree-structure profiling approach that incorporates the details of activities conducted by each user and each job role and then use this to obtain a consistent representation of features that provide a rich description of the user's behavior. Deviation can be assessed based on the amount of variance that each user exhibits across multiple attributes, compared against their peers. We have performed experimentation using ten synthetic data-driven scenarios and found that the system can identify anomalous behavior that may be indicative of a potential threat. We also show how our detection system can be combined with visual analytics tools to support further investigation by an analyst.
| Journal Article Type | Article |
|---|---|
| Acceptance Date | May 23, 2015 |
| Online Publication Date | Jun 17, 2015 |
| Publication Date | Jun 1, 2017 |
| Deposit Date | Jun 23, 2015 |
| Publicly Available Date | Sep 8, 2017 |
| Journal | IEEE Systems Journal |
| Print ISSN | 1932-8184 |
| Publisher | Institute of Electrical and Electronics Engineers |
| Peer Reviewed | Peer Reviewed |
| Volume | 11 |
| Issue | 2 |
| Pages | 503-512 |
| DOI | https://doi.org/10.1109/JSYST.2015.2438442 |
| Keywords | insider threat, anomaly detection, cyber security, organizations, electronic mail, computer security, feature extraction, intellectual property, psychology |
| Public URL | https://uwe-repository.worktribe.com/output/833645 |
| Publisher URL | http://dx.doi.org/10.1109/JSYST.2015.2438442 |
| Additional Information | Additional Information : (c) 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works. |
| Contract Date | Feb 23, 2016 |
Files
anomaly_ieee_may2015.pdf
(12.8 Mb)
PDF
You might also like
Visual analytics of e-mail sociolinguistics for user behavioural analysis
(2014)
Journal Article
Visualizing the insider threat: Challenges and tools for identifying malicious user activity
(2015)
Presentation / Conference Contribution
Quasi-Hamming distances: An overarching concept for measuring glyph similarity
(2015)
Presentation / Conference Contribution
Understanding insider threat: A framework for characterising attacks
(2014)
Presentation / Conference Contribution
Glyph sorting: Interactive visualization for multi-dimensional data
(2013)
Journal Article
Downloadable Citations
About UWE Bristol Research Repository
Administrator e-mail: repository@uwe.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2025
Advanced Search