Distance Measurement Methods for Improved Insider Threat Detection

Lo, Owen; Buchanan, William J.; Griffiths, Paul D.; Macfarlane, Richard

doi:10.1155/2018/5906368

Cited by 46 publications

(30 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Further, this result indicates lower overall AUC and higher accuracy than the latest studies. (Lo et al [36]: Accuracy 69%, Yuan et al [37]: AUC 0.9449)…”

Section: Fig 6 Results Of Optimized Insider Threat Detection Model Umentioning

confidence: 98%

Advanced insider threat detection model to apply periodic work atmosphere

2019

KSII TIIS

View full text Add to dashboard Cite

We developed an insider threat detection model to be used by organizations that repeat tasks at regular intervals. The model identifies the best combination of different feature selection algorithms, unsupervised learning algorithms, and standard scores. We derive a model specifically optimized for the organization by evaluating each combination in terms of accuracy, AUC (Area Under the Curve), and TPR (True Positive Rate). In order to validate this model, a four-year log was applied to the system handling sensitive information from public institutions. In the research target system, the user log was analyzed monthly based on the fact that the business process is processed at a cycle of one year, and the roles are determined for each person in charge. In order to classify the behavior of a user as abnormal, the standard scores of each organization were calculated and classified as abnormal when they exceeded certain thresholds. Using this method, we proposed an optimized model for the organization and verified it.

show abstract

“…Further, this result indicates lower overall AUC and higher accuracy than the latest studies. (Lo et al [36]: Accuracy 69%, Yuan et al [37]: AUC 0.9449)…”

Section: Fig 6 Results Of Optimized Insider Threat Detection Model Umentioning

confidence: 98%

Advanced insider threat detection model to apply periodic work atmosphere

2019

KSII TIIS

View full text Add to dashboard Cite

show abstract

“…Components of CPSD analysis (i.e., percentage of amplitude with the major peak, phase lag, and corresponding time-lag) are shown in Table 1. Major peaks in the amplitude spectra were identified by using a threshold quantified using a smoothed z-score algorithm [52][53][54]. The algorithm is based on the principle of dispersion and is robust as it builds a separate moving mean and deviation so that the signals themselves do not pollute the threshold [53].…”

Section: Resultsmentioning

confidence: 99%

“…Major peaks in the amplitude spectra were identified by using a threshold quantified using a smoothed z-score algorithm [52][53][54]. The algorithm is based on the principle of dispersion and is robust as it builds a separate moving mean and deviation so that the signals themselves do not pollute the threshold [53]. Peak or high amplitude indicates a strong correlation between response and forcing signal at that frequency.…”

Section: Resultsmentioning

confidence: 99%

“…The majority of the images were collected from Landsat-5 since it was the only source from 1984 to 2013. Landsat-7 data were avoided when any other version of Landsat data was available as it has a known issue with the scan line corrector (SLC) in the Landsat Enhanced Thematic Mapper Plus (ETM+) sensor that failed permanently in 2003 [53]. The remainder of the data came from Landsat-8.…”

Section: Forcing and Response Signalsmentioning

confidence: 99%

See 1 more Smart Citation

Wetland Dynamics Inferred from Spectral Analyses of Hydro-Meteorological Signals and Landsat Derived Vegetation Indices

2019

View full text Add to dashboard Cite

The dynamic response of coastal wetlands (CWs) to hydro-meteorological signals is a key indicator for understanding climate driven variations in wetland ecosystems. This study explored the response of CW dynamics to hydro-meteorological signals using time series of Landsat-derived normalized difference vegetation index (NDVI) values at six locations and hydro-meteorological time-series from 1984 to 2015 in Apalachicola Bay, Florida. Spectral analysis revealed more persistence in NDVI values for forested wetlands in the annual frequency domain, compared to scrub and emergent wetlands. This behavior reversed in the decadal frequency domain, where scrub and emergent wetlands had a more persistent NDVI than forested wetlands. The wetland dynamics were found to be driven mostly by the Apalachicola Bay water level and precipitation. Cross-spectral analysis indicated a maximum time-lag of 2.7 months between temperature and NDVI, whereas NDVI lagged water level by a maximum of 2.2 months. The quantification of persistent behavior and subsequent understanding that CW dynamics are mostly driven by water level and precipitation suggests that the severity of droughts, floods, and storm surges will be a driving factor in the future sustainability of CW ecosystems.

show abstract

“…Reference [33] implements a fuzzy classifier along with genetic algorithm (GA) to enhance the efficiency of a fuzzy classifier and the functionality of all other modules, to achieve better results in terms of false alarms. Reference [34] applies Hidden Markov method on a CERT dataset and analyses a number of distance vector methods in order to detect changes of behavior, which are shown to have success in determining different insider threats.…”

Section: Background and Related Workmentioning

confidence: 99%

An Insider Threat Detection Approach Based on Mouse Dynamics and Deep Learning

Niu

Zhang

et al. 2019

Security and Communication Networks

View full text Add to dashboard Cite

In the current intranet environment, information is becoming more readily accessed and replicated across a wide range of interconnected systems. Anyone using the intranet computer may access content that he does not have permission to access. For an insider attacker, it is relatively easy to steal a colleague’s password or use an unattended computer to launch an attack. A common one-time user authentication method may not work in this situation. In this paper, we propose a user authentication method based on mouse biobehavioral characteristics and deep learning, which can accurately and efficiently perform continuous identity authentication on current computer users, thus to address insider threats. We used an open-source dataset with ten users to carry out experiments, and the experimental results demonstrated the effectiveness of the approach. This approach can complete a user authentication task approximately every 7 seconds, with a false acceptance rate of 2.94% and a false rejection rate of 2.28%.

show abstract

Distance Measurement Methods for Improved Insider Threat Detection

Cited by 46 publications

References 12 publications

Advanced insider threat detection model to apply periodic work atmosphere

Advanced insider threat detection model to apply periodic work atmosphere

Wetland Dynamics Inferred from Spectral Analyses of Hydro-Meteorological Signals and Landsat Derived Vegetation Indices

An Insider Threat Detection Approach Based on Mouse Dynamics and Deep Learning

Contact Info

Product

Resources

About