{"title":"Detecting Unknown Insider Threat Scenarios","authors":"M. S. Lodhi, Rahul Kaul","doi":"10.5121/IJCSA.2016.6602","DOIUrl":null,"url":null,"abstract":"Problems from the inside of an organization’s perimeters are a significant threat, since it is very difficult to differentiate them from outside activity. In this dissertation, evaluate an insider threat detection motto on its ability to detect different type of scenarios that have not previously been identify or contemplated by the developers of the system. We show the ability to detect a large variety of insider threat scenario instances We report results of an ensemble-based, unsupervised technique for detecting potential insider threat, insider threat scenarios that robustly achieves results. We explore factors that contribute to the success of the ensemble method, such as the number and variety of unsupervised detectors and the use of existing knowledge encoded in scenario based detectors made for different known activity patterns. We report results over the entire period of the ensemble approach and of ablation experiments that remove the scenario-based detectors.","PeriodicalId":39465,"journal":{"name":"International Journal of Computer Science and Applications","volume":"10 1","pages":"15-21"},"PeriodicalIF":0.0000,"publicationDate":"2016-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Computer Science and Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5121/IJCSA.2016.6602","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Computer Science","Score":null,"Total":0}
Citation count: 2
Abstract
Problems from inside an organization’s perimeter are a significant threat, since it is very difficult to differentiate them from outside activity. In this dissertation, we evaluate an insider threat detection motto on its ability to detect different types of scenarios that have not previously been identified or contemplated by the developers of the system. We show the ability to detect a large variety of insider threat scenario instances. We report results of an ensemble-based, unsupervised technique for detecting potential insider threats and insider threat scenarios that robustly achieves results. We explore factors that contribute to the success of the ensemble method, such as the number and variety of unsupervised detectors and the use of existing knowledge encoded in scenario-based detectors made for different known activity patterns. We report results over the entire period of the ensemble approach and of ablation experiments that remove the scenario-based detectors.
About the journal:
IJCSA is an international forum for scientists and engineers involved in computer science and its applications to publish high quality and refereed papers. Papers reporting original research and innovative applications from all parts of the world are welcome. Papers for publication in the IJCSA are selected through rigorous peer review to ensure originality, timeliness, relevance, and readability.