Explaining and Aggregating Anomalies to Detect Insider Threats

Goldberg, Henry G.; Young, William T.; Memory, Alex; Senator, Ted E.

doi:10.1109/hicss.2016.344

Cited by 10 publications

(10 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It has three levels of explanation need to be considered to support the analyst such as consists of pre-computed single feature detection scores which available for examination, a collection of features or sets of features contributed to anomaly score from an individual detector for individual users and combinations of the contribution from different type of detectors that are incorporated into the ensemble computation of overall anomaly scores. From the level of explanation and approachable methods, PRODIGAL can give sureness to detect recognized, assumed insider threat situations, variations and the combination of situation [26]. Moreover, [27] proposed Corporate Insider Threat Detection (CITD) system which is capable of gaining a general feature set that characterizes the user's current activity in the organization at former time steps and amongst several users.…”

Section: 2insider Threats Cause By System Factormentioning

confidence: 99%

“…Beside human factor explained above, the study also has been conducted on some features of system factor such as repeated improper behavior [26] which can be described as what consequences of system failure that contribute to the reputation of an organizational or production fields. Other than that, author [41] reported one of the contributing factors of system failure when employee frequently gives respond to any phishing email.…”

Section: Framework Of Automated Manufacturing Execution Systemmentioning

confidence: 99%

See 1 more Smart Citation

An Insider Threat Categorization Framework for Automated Manufacturing Execution System

Mohammad

Yassin

Ahmad

et al. 2019

IJIES

View full text Add to dashboard Cite

Insider threats become one of the most dangerous threats in the cyber world as compared to outsider as the insiders have knowledge of assets. In addition, the threats itself considered in-visible and no one can predict what, when and how exactly the threat launched. Based on conducting literature, threat in Automated Manufacturing Execution Systems (AMESs) can be divided into three principle factors. Moreover, there is no standard framework to be referring which exist nowadays to categorize such factors in order to identify insider threats possible features. Therefore, from the conducted literature a standard theoretical categorization of insider threats framework for AMESs has been proposed. Hence, three principle factors, i.e. Human, Systems and Machine have considered as major categorization of insider threats. Consequently, the possible features for each factor identified based on previous researcher recommendations. Therefore, via identifying possible features and categorize it into principle factors or groups, a standard framework could be derived. These frameworks will contribute more benefit specifically in the manufacturing field as a reference to mitigate an insider threat. Keywords—automated manufacturing execution systems insider threats, factors and features, insider threat categorization framework.

show abstract

Section: 2insider Threats Cause By System Factormentioning

confidence: 99%

Section: Framework Of Automated Manufacturing Execution Systemmentioning

confidence: 99%

An Insider Threat Categorization Framework for Automated Manufacturing Execution System

Mohammad

Yassin

Ahmad

et al. 2019

IJIES

View full text Add to dashboard Cite

show abstract

“…Mitigation techniques can be also developed following e.g., [41]. The idea would be to develop a SMAll helper service that monitors workflows and, once an attack by an insider is discovered, it appropriately redirects the workflow to avoid further damage.…”

Section: Travelmentioning

confidence: 99%

Insider Threats in Emerging Mobility-as-a-Service Scenarios

Callegati¹,

Giallorenzo

Melis³

et al. 2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

Abstract-Mobility as a Service (MaaS) applies the everything-asa-service paradigm of Cloud Computing to transportation: a MaaS provider offers to its users the dynamic composition of solutions of different travel agencies into a single, consistent interface.Traditionally, transits and data on mobility belong to a scattered plethora of operators. Thus, we argue that the economic model of MaaS is that of federations of providers, each trading its resources to coordinate multi-modal solutions for mobility. Such flexibility comes with many security and privacy concerns, of which insider threat is one of the most prominent. In this paper, we follow a tiered structure -from individual operators to markets of federated MaaS providers -to classify the potential threats of each tier and propose the appropriate countermeasures, in an effort to mitigate the problems.

show abstract

“…[12] We present findings from experiments to detect instances of insider threat scenarios inserted into a real database from monitored activity on users' computers seeded with independently-…”

Section: Introductionmentioning

confidence: 99%

Insider Threat Detection in PRODIGAL

Goldberg

Young

Reardon

et al. 2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

Abstract-This paper reports on insider threat detection research, during which a prototype system (PRODIGAL)1 was developed and operated as a testbed for exploring a range of detection and analysis methods. The data and test environment, system components, and the core method of unsupervised detection of insider threat leads are presented to document this work and benefit others working in the insider threat domain.We also discuss a core set of experiments evaluating the prototype's ability to detect both known and unknown malicious insider behaviors. The experimental results show the ability to detect a large variety of insider threat scenario instances imbedded in real data with no prior knowledge of what scenarios are present or when they occur.We report on an ensemble-based, unsupervised technique for detecting potential insider threat instances. When run over 16 months of real monitored computer usage activity augmented with independently developed and unknown but realistic, insider threat scenarios, this technique robustly achieves results within five percent of the best individual detectors identified after the fact. We discuss factors that contribute to the success of the ensemble method, such as the number and variety of unsupervised detectors and the use of prior knowledge encoded in detectors designed for specific activity patterns.Finally, the paper describes the architecture of the prototype system, the environment in which we conducted these experiments and that is in the process of being transitioned to operational users.

show abstract

Explaining and Aggregating Anomalies to Detect Insider Threats

Cited by 10 publications

References 19 publications

An Insider Threat Categorization Framework for Automated Manufacturing Execution System

An Insider Threat Categorization Framework for Automated Manufacturing Execution System

Insider Threats in Emerging Mobility-as-a-Service Scenarios

Insider Threat Detection in PRODIGAL

Contact Info

Product

Resources

About