Behavioral Analysis of Insider Threat: A Survey and Bootstrapped Prediction in Imbalanced Data

Azaria, Amos; Richardson, Ariella; Kraus, Sarit; Subrahmanian, V. S.

doi:10.1109/tcss.2014.2377811

Cited by 110 publications

(61 citation statements)

References 70 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…There are some works that propose hybridization of sampling and cost-sensitive learning [57]. Behavior analysis [3] Recognition of dangerous behavior (binary problem)…”

Section: Tackling Imbalanced Datamentioning

confidence: 99%

Learning from imbalanced data: open challenges and future directions

2016

View full text Add to dashboard Cite

Despite more than two decades of continuous development learning from imbalanced data is still a focus of intense research. Starting as a problem of skewed distributions of binary tasks, this topic evolved way beyond this conception. With the expansion of machine learning and data mining, combined with the arrival of big data era, we have gained a deeper insight into the nature of imbalanced learning, while at the same time facing new emerging challenges. Data-level and algorithm-level methods are constantly being improved and hybrid approaches gain increasing popularity. Recent trends focus on analyzing not only the disproportion between classes, but also other difficulties embedded in the nature of data. New real-life problems motivate researchers to focus on computationally efficient, adaptive and real-time methods. This paper aims at discussing open issues and challenges that need to be addressed to further develop the field of imbalanced learning. Seven vital areas of research in this topic are identified, covering the full spectrum of learning from imbalanced data: classification, regression, clustering, data streams, big data analytics and applications, e.g., in social media and computer vision. This paper provides a discussion and suggestions concerning lines of future research for each of them.

show abstract

“…There are some works that propose hybridization of sampling and cost-sensitive learning [57]. Behavior analysis [3] Recognition of dangerous behavior (binary problem)…”

Section: Tackling Imbalanced Datamentioning

confidence: 99%

Learning from imbalanced data: open challenges and future directions

2016

View full text Add to dashboard Cite

show abstract

“…In addition to above author, [18] approaches the scope of insider threats into unintentional insider threats which define as a current or former employee, contractor, or business partner who has or had authorized access to an organization's network, system, or data and who, through action or inaction without malicious intent, unwittingly causes harm or substantially increases the probability of future serious harm to the confidentiality, integrity, or availability of the organization's resources or assets, including information, information systems, or financial systems. The unintentional factors have few categorizations into organizational factor, i.e.…”

Section: 1insider Threats Cause By Human Factormentioning

confidence: 98%

An Insider Threat Categorization Framework for Automated Manufacturing Execution System

Mohammad

Yassin

Ahmad

et al. 2019

IJIES

View full text Add to dashboard Cite

Insider threats become one of the most dangerous threats in the cyber world as compared to outsider as the insiders have knowledge of assets. In addition, the threats itself considered in-visible and no one can predict what, when and how exactly the threat launched. Based on conducting literature, threat in Automated Manufacturing Execution Systems (AMESs) can be divided into three principle factors. Moreover, there is no standard framework to be referring which exist nowadays to categorize such factors in order to identify insider threats possible features. Therefore, from the conducted literature a standard theoretical categorization of insider threats framework for AMESs has been proposed. Hence, three principle factors, i.e. Human, Systems and Machine have considered as major categorization of insider threats. Consequently, the possible features for each factor identified based on previous researcher recommendations. Therefore, via identifying possible features and categorize it into principle factors or groups, a standard framework could be derived. These frameworks will contribute more benefit specifically in the manufacturing field as a reference to mitigate an insider threat. Keywords—automated manufacturing execution systems insider threats, factors and features, insider threat categorization framework.

show abstract

“…Insider threat research [35] shares some similarities with the APT problem as well. Indeed, an APT aims to take control of a legitimate host inside of an organization, and the attacker will try to emulate normal behavior in order to avoid detection.…”

Section: Insider Threatmentioning

confidence: 98%

Analysis of high volumes of network traffic for Advanced Persistent Threat detection

et al. 2016

View full text Add to dashboard Cite

Advanced Persistent Threats (APTs) are the most critical menaces to modern organizations and the most challenging attacks to detect. They span over long periods of time, use encrypted connections and mimic normal behaviors in order to evade detection based on traditional defensive solutions. We propose an innovative approach that is able to analyze efficiently high volumes of network traffic to reveal weak signals related to data exfiltrations and other suspect APT activities. The final result is a ranking of the most suspicious internal hosts; this rank allows security specialists to focus their analyses on a small set of hosts out of the thousands of machines that typically characterize large organizations. Experimental evaluations in a network environment consisting of about 10K hosts show the feasibility and effectiveness of the proposed approach. Our proposal based on security analytics paves the way to novel forms of automatic defense aimed at early detection of APTs in large and continuously varying networked systems

show abstract

Behavioral Analysis of Insider Threat: A Survey and Bootstrapped Prediction in Imbalanced Data

Cited by 110 publications

References 70 publications

Learning from imbalanced data: open challenges and future directions

Learning from imbalanced data: open challenges and future directions

An Insider Threat Categorization Framework for Automated Manufacturing Execution System

Analysis of high volumes of network traffic for Advanced Persistent Threat detection

Contact Info

Product

Resources

About