Identifying and Visualizing the Malicious Insider Threat Using Bipartite Graphs

Nance, Kara; Marty, Raffael

doi:10.1109/hicss.2011.231

Cited by 22 publications

(16 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although there are limitations when analyzing the massive amounts data using visualization techniques, researchers have started using visualization techniques to find anomalies in security threats (Ferebee & Dasgupta, 2006;Kasemsri, 2006). More specifically, there are two categories of visualization techniques that are aimed at insider threat analysis: pixel-oriented color maps (Colombe & Stephens, 2004) and graph-based visualization (Eberle & Holder, 2009;Nance & Marty, 2011). Colombe and Stephens designed a visualization approach that maps pixeloriented color maps to measured frequencies of certain symbols that have appeared in network traffic in order to detect anomalies visually.…”

Section: Visualization Approachesmentioning

confidence: 99%

Detecting Insider Threats: Solutions and Trends

Zeadally

Jeong

et al. 2012

Information Security Journal: A Global Perspective

View full text Add to dashboard Cite

Section: Visualization Approachesmentioning

confidence: 99%

Detecting Insider Threats: Solutions and Trends

Zeadally

Jeong

et al. 2012

Information Security Journal: A Global Perspective

View full text Add to dashboard Cite

“…We screened 177 abstracts, evaluated 50 full-text articles, and included 37 articles-a total of 22 studies (59 %) propose novel IDPAs [9,. The other 15 papers either propose new features for IDP or discusses challenges associated with IDP [33][34][35][36][37][38][39][40][41][42][43][44][45][46][47]. Figure 1 presents the flow chart of the study selection process.…”

Section: Study Selectionmentioning

confidence: 99%

Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis

Gheyas

Abdallah

2016

Big Data Anal

View full text Add to dashboard Cite

Cyber security is vital to the success of today's digital economy. The major security threats are coming from within, as opposed to outside forces. Insider threat detection and prediction are important mitigation techniques. This study addresses the following research questions: 1) what are the research trends in insider threat detection and prediction nowadays? 2) What are the challenges associated with insider threat detection and prediction? 3) What are the best-to-date insider threat detection and prediction algorithms? We conduct a systematic review of 37 articles published in peer-reviewed journals, conference proceedings and edited books for the period of 1950-2015 to address the first two questions. Our survey suggests that game theoretic approach (GTA) is a popular source of insider threat data; the insiders' online activities are the most widely used features in insider threat detection and prediction; most of the papers use single point estimates of threat likelihood; and graph algorithms are the most widely used tools for detecting and predicting insider threats. The key challenges facing the insider threat detection and prediction system include unbounded patterns, uneven time lags between activities, data nonstationarity, individuality, collusion attacks, high false alarm rates, class imbalance problem, undetected insider attacks, uncertainty, and the large number of free parameters in the model. To identify the best-to-date insider threat detection and prediction algorithms, our meta-analysis study excludes theoretical papers proposing conceptual algorithms from the 37 selected papers resulting in the selection of 13 papers. We rank the insider threat detection and prediction algorithms presented in the 13 selected papers based on the theoretical merits and the transparency of information. To determine the significance of rank sums, we perform "the Friedman two-way analysis of variance by ranks" test and "multiple comparisons between groups or conditions" tests.

show abstract

“…It includes tools that visually detect anomalies and possible attacks through pattern matching [7] or by using machine learning to check for anomalous behavior [1]. Other tools establish acceptable action patterns to easily detect anomalous patterns [17]. These tools use visualizations like color maps [7] and different types of graphs like attack-pattern trees [1] or bipartite graphs [17].…”

Section: Background Literaturementioning

confidence: 99%

“…Other tools establish acceptable action patterns to easily detect anomalous patterns [17]. These tools use visualizations like color maps [7] and different types of graphs like attack-pattern trees [1] or bipartite graphs [17].…”

Section: Background Literaturementioning

confidence: 99%

EEVi - framework for evaluating the effectiveness of visualization in cyber-security

Sethi

Paci

Wills

2016

2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)

View full text Add to dashboard Cite

Abstract-Cyber-security visualization is an up-and-coming area which aims to reduce security analysts' workload by presenting information as visual analytics rather than a string of text and characters. But the adoption of the resultant visualizations has not increased. The literature indicates a research gap of a lack of guidelines and standardized evaluation techniques for effective visualization in cyber-security, as a reason for it. Therefore, this research addresses the research gap by developing a framework called EEVi for effective cyber-security visualizations for the performed task. The term 'effective visualization' can be defined as the features of visualization that are crucial to perform a certain task successfully. EEVi has been developed by analyzing qualitative data that leads to the formation of cognitive relationships (called links) between data that act as guidelines for effective cyber-security visualization in terms of the performed task. The methodology to develop this framework can be applied to other fields to understand cognitive relationships between data. Additionally, the analysis presents a glimpse into the usage of EEVi in cyber-security visualization.

show abstract

Identifying and Visualizing the Malicious Insider Threat Using Bipartite Graphs

Cited by 22 publications

References 9 publications

Detecting Insider Threats: Solutions and Trends

Detecting Insider Threats: Solutions and Trends

Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis

EEVi - framework for evaluating the effectiveness of visualization in cyber-security

Contact Info

Product

Resources

About