Professor Phil Legg Phil.Legg@uwe.ac.uk
Professor in Cyber Security
Caught in the Act of an Insider Attack: Detection and Assessment of Insider Threat
Legg, Philip A.; Buckley, Oliver; Goldsmith, Michael; Creese, Sadie
Authors
Oliver Buckley
Michael Goldsmith
Sadie Creese
Abstract
The greatest asset that any organisation has are its people, but they may also be the greatest threat. Those who are within the organisation may have authorised access to vast amounts of sensitive company records that are essential for maintaining competitiveness and market position, and knowledge of information services and procedures that are crucial for daily operations. In many cases, those who have such access do indeed require it in order to conduct their expected workload. However, should an individual choose to act against the organisation, then with their privileged access and their extensive knowledge, they are well positioned to cause serious damage. Insider threat is becoming a serious and increasing concern for many organisa- tions, with those who have fallen victim to such attacks suffering significant damages including financial and reputational. It is clear then, that there is a desperate need for more effective tools for detecting the presence of insider threats and analyzing the potential of threats before they escalate. We propose Corporate Insider Threat Detection (CITD), an anomaly detection system that is the result of a multi-disciplinary research project that incorporates technical and behavioural activities to assess the threat posed by individuals. The system identifies user and role-based profiles, and measures how users deviate from their observed behaviours to assess the potential threat that a series of activities may pose. In this paper, we present an overview of the system and describe the concept of operations and practicalities of deploying the system. We show how the system can be utilised for unsupervised detection, and also how the human analyst can engage to provide an active learning feedback loop. By adopting an accept or reject scheme, the analyst is capable of refining the underlying detection model to better support their decision- making process and significant reduce the false positive rate.
Citation
Legg, P. A., Buckley, O., Goldsmith, M., & Creese, S. (2015, April). Caught in the Act of an Insider Attack: Detection and Assessment of Insider Threat. Paper presented at IEEE International Symposium on Technologies for Homeland Security, Waltham, USA
| Presentation Conference Type | Conference Paper (unpublished) |
|---|---|
| Conference Name | IEEE International Symposium on Technologies for Homeland Security |
| Conference Location | Waltham, USA |
| Start Date | Apr 14, 2015 |
| End Date | Apr 16, 2015 |
| Publication Date | Apr 1, 2015 |
| Deposit Date | Aug 13, 2015 |
| Publicly Available Date | May 14, 2016 |
| Peer Reviewed | Peer Reviewed |
| Keywords | insider attack, insider threat, organisations |
| Public URL | https://uwe-repository.worktribe.com/output/836569 |
| Publisher URL | http://www.ieee-hst.org/ |
| Additional Information | Title of Conference or Conference Proceedings : IEEE International Symposium on Technologies for Homeland Security |
Files
2015_ieeehst.pdf
(4.9 Mb)
PDF
You might also like
Analyst-driven XAI for time series forecasting: Analytics for telecoms maintenance
(2024)
Conference Proceeding
Improving search space analysis of fuzzing mutators using cryptographic structures
(2023)
Conference Proceeding
Teaching offensive and defensive cyber security in schools using a Raspberry Pi Cyber Range
(2023)
Journal Article
Downloadable Citations
About UWE Bristol Research Repository
Administrator e-mail: repository@uwe.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search