Role-Based Profile Analysis for Scalable and Accurate Insider-Anomaly Detection

Park, J.S.; Giordano, Joseph

doi:10.1109/.2006.1629440

Cited by 26 publications

(17 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This approach, however, leads to false positives. Park and Giordano [25] reverse the Hu et al approach, analyzing a user's behavior and checking that it is as expected. Several researchers [26]- [28] incorporate risk assessment into an extended access control framework, adapting user privileges based on role, attributes, and level of trust, which drops when a user's behavior becomes suspicions.…”

Section: Related Workmentioning

confidence: 99%

Insider Threat Identification by Process Analysis

Bishop

Conboy

Phan

et al. 2014

2014 IEEE Security and Privacy Workshops

View full text Add to dashboard Cite

Abstract-The insider threat is one of the most pernicious in computer security. Traditional approaches typically instrument systems with decoys or intrusion detection mechanisms to detect individuals who abuse their privileges (the quintessential "insider"). Such an attack requires that these agents have access to resources or data in order to corrupt or disclose them. In this work, we examine the application of process modeling and subsequent analyses to the insider problem. With process modeling, we first describe how a process works in formal terms. We then look at the agents who are carrying out particular tasks, perform different analyses to determine how the process can be compromised, and suggest countermeasures that can be incorporated into the process model to improve its resistance to insider attack.

show abstract

Section: Related Workmentioning

confidence: 99%

Insider Threat Identification by Process Analysis

Bishop

Conboy

Phan

et al. 2014

2014 IEEE Security and Privacy Workshops

View full text Add to dashboard Cite

show abstract

“…Although there is some existing work in this area (e.g., [77,94]), more research is needed to find practical solutions.…”

Section: Future Workmentioning

confidence: 99%

Network anomaly detection with incomplete audit data

Patcha

Park

2007

Computer Networks

View full text Add to dashboard Cite

(ABSTRACT)With the ever increasing deployment and usage of gigabit networks, traditional network anomaly detection based intrusion detection systems have not scaled accordingly. Most, if not all, systems deployed assume the availability of complete and clean data for the purpose of intrusion detection. We contend that this assumption is not valid. Factors like noise in the audit data, mobility of the nodes, and the large amount of data generated by the network make it difficult to build a normal traffic profile of the network for the purpose of anomaly detection.From this perspective, the leitmotif of the research effort described in this dissertation is the design of a novel intrusion detection system that has the capability to detect intrusions with high accuracy even when complete audit data is not available. In this dissertation, we take a holistic approach to anomaly detection to address the threats posed by network based denial-of-service attacks by proposing improvements in every step of the intrusion detection process. At the data collection phase, we have implemented an adaptive sampling scheme that intelligently samples incoming network data to reduce the volume of traffic sampled, while maintaining the intrinsic characteristics of the network traffic. A Bloom filters based fast flow aggregation scheme is employed at the data pre-processing stage to further reduce the response time of the anomaly detection scheme. Lastly, this dissertation also proposes an expectation-maximization algorithm based anomaly detection scheme that uses the sampled audit data to detect intrusions in the incoming network traffic.ii

show abstract

“…Park etc. [9] developed the monitoring mechanisms with the role-based profile and individual-based profiles. Moreover, they used frequencies of corresponding events as metrics.…”

Section: Related Workmentioning

confidence: 99%

Abnormal Behavior Analysis in Office Automation System within Organizations

Wang¹,

Zhou²,

Zhu³

et al. 2017

IJCCE

View full text Add to dashboard Cite

Abstract:Insider threat is a serious and increasing concern for many organizations. The group of individuals who operate within the organization have access to highly confidential and sensitive information, however, if they choose to act against the organization, with their privileged access authority and their extensive knowledge, they are well positioned to cause serious damage. Compared with vast amounts of normal daily operations, malicious behaviors are indeed small probability events, and are easily ignored. Thus, there is a desperate need to explore an effective approach to detect such suspicious behaviors. In order to solve this problem, we propose a two-stage algorithm to detect anomaly through analyzing user behavior based on activity log data collected in a real office automation system. In the first stage, we compare users' behavioral activities with activities of his/her belonging role, and in the second stage, we compare individual behavioral activities with his/her activities in a window period. By adopting several effective features to describe users' regular behavioral patterns, the analyst is capable of refining underlying abnormal users and abnormal periods to better support the network security administration.

show abstract

Role-Based Profile Analysis for Scalable and Accurate Insider-Anomaly Detection

Cited by 26 publications

References 16 publications

Insider Threat Identification by Process Analysis

Insider Threat Identification by Process Analysis

Network anomaly detection with incomplete audit data

Abnormal Behavior Analysis in Office Automation System within Organizations

Contact Info

Product

Resources

About