Professor Phil Legg Phil.Legg@uwe.ac.uk
Professor in Cyber Security
Human-machine decision support systems for insider threat detection
Legg, Philip
Authors
Contributors
Iv�n Palomares
Editor
Harsha Kalutarage
Editor
Yan Huang
Editor
Abstract
Insider threats are recognised to be quite possibly the most damaging attacks that an organisation could experience. Those on the inside, who have privileged access and knowledge, are already in a position of great responsibility for contributing towards the security and operations of the organisation. Should an individual choose to exploit this privilege, perhaps due to disgruntlement or external coercion from a competitor, then the potential impact to the organisation can be extremely damaging. There are many proposals of using machine learning and anomaly detection techniques as a means of automated decision-making about which insiders are acting in a suspicious or malicious manner, as a form of large scale data analytics. However, it is well recognised that this poses many challenges, for example, how do we capture an accurate representation of normality to assess insiders against, within a dynamic and ever-changing organisation? More recently, there has been interest in how visual analytics can be incorporated with machine-based approaches, to alleviate the data analytics challenges of anomaly detection and to support human reasoning through visual interactive interfaces. Furthermore, by combining visual analytics and active machine learning, there is potential capability for the analysts to impart their domain expert knowledge back to the system, so as to iteratively improve the machine-based decisions based on the human analyst preferences. With this combined human-machine approach to decision-making about potential threats, the system can begin to more accurately capture human rationale for the decision process, and reduce the false positives that are flagged by the system. In this work, I reflect on the challenges of insider threat detection, and look to how human-machine decision support systems can offer solutions towards this.
Deposit Date | Mar 27, 2017 |
---|---|
Peer Reviewed | Peer Reviewed |
Book Title | Data Analytics and Decision Support for Cybersecurity: Trends, Methodologies and Applications |
ISBN | 9783319594385 |
Keywords | human-machine, support systems, insider threat detection |
Public URL | https://uwe-repository.worktribe.com/output/896636 |
Publisher URL | http://www.springer.com/gb/book/9783319594385 |
Contract Date | Mar 27, 2017 |
You might also like
Visual analytics of e-mail sociolinguistics for user behavioural analysis
(2014)
Journal Article
Visualizing the insider threat: Challenges and tools for identifying malicious user activity
(2015)
Presentation / Conference Contribution
Quasi-Hamming distances: An overarching concept for measuring glyph similarity
(2015)
Presentation / Conference Contribution
Understanding insider threat: A framework for characterising attacks
(2014)
Presentation / Conference Contribution
Glyph sorting: Interactive visualization for multi-dimensional data
(2013)
Journal Article
Downloadable Citations
About UWE Bristol Research Repository
Administrator e-mail: repository@uwe.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search