Simulated User Bots: Real Time Testing of Insider Threat Detection Systems

Dutta, Preetam; Ryan, Gabriel; Zieba, Aleksander; Stolfo, Salvatore J.

doi:10.1109/spw.2018.00038

Cited by 11 publications

(5 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In other words, our synthetic data, for all but privacy infractions, was the same. 143 What is more, even beyond our case study, similar research concurs in our results: Synthetic data is a valid alternative to original data. 144 A budding body of research has found that when comparing analysis using original data to analysis using synthetic data, for the most part, the results are indistinguishable, even by domain experts.…”

Section: Evaluation Of Synthetic Datasupporting

confidence: 89%

Privacy and Synthetic Datasets

Bellovin¹,

Dutta²,

Reitinger³

2018

Preprint

View full text Add to dashboard Cite

Sharing is a virtue, instilled in us from childhood. Unfortunately, when it comes to big data—i.e., databases possessing the potential to usher in a whole new world of scientific progress—the legal landscape prefers a hoggish motif. The historic approach to the resulting database–privacy problem has been anonymization, a subtractive technique incurring not only poor privacy results, but also lackluster utility. In anonymization’s stead, differential privacy arose; it provides better, near-perfect privacy, but is nonetheless subtractive in terms of utility. Today, another solution is leaning into the fore, synthetic data. Using the magic of machine learning, synthetic data offers a generative, additive approach—the creation of almost-but-not-quite replica data. In fact, as we recommend, synthetic data may be combined with differential privacy to achieve a best-of-both-worlds scenario. After unpacking the technical nuances of synthetic data, we analyze its legal implications, finding both over and under inclusive applications. Privacy statutes either overweigh or downplay the potential for synthetic data to leak secrets, inviting ambiguity. We conclude by finding that synthetic data is a valid, privacy-conscious alternative to raw data, but is not a cure-all for every situation. In the end, computer science progress must be met with proper policy in order to move the area of useful data dissemination forward.

show abstract

Section: Evaluation Of Synthetic Datasupporting

confidence: 89%

Privacy and Synthetic Datasets

Bellovin¹,

Dutta²,

Reitinger³

2018

Preprint

View full text Add to dashboard Cite

show abstract

“…This research aims to catalog human as well as technical factors associated with insider threat risks to inform the development of more proactive approaches to insider threat assessment. In [12], the detection of the insider is based on a real-time testing simulation of real users, generating user data to test the detection of malicious users. We found other updated and relevant resources in [13] which is one of the latest surveys that summarized techniques for insider threat identification and detection.…”

Section: Context and Related Workmentioning

confidence: 99%

A Structured Approach to Insider Threat Monitoring for Offensive Security Teams

Sadi

Berardi

Callegati

et al. 2023

2023 IEEE 20th Consumer Communications &Amp; Networking Conference (CCNC)

View full text Add to dashboard Cite

In many countries, government agencies resort to third parties to acquire security services of many kinds, including Red Team operations to test the effectiveness of own defenses mechanisms. Absolute trust is a key requirement, lest a potentially devastating finding be exploited by a treacherous Red Team against the same entity which commissioned the operation, or sold to its adversaries. In our endeavour as a joint private-academic initiative to address this peculiar market, we observed that a structured approach to this issue is much less common than we would have expected. In this work, we outline the process we are devising to offer customers a verified environment, but integrating it with an evidence-based proof of their correct behavior during the operation, striving to solve the "Quis custodiet ipsos custodes" struggle in an offensive setting.

show abstract

“…Yet, all of the abovementioned methods mainly preserve statistics of various traffic characteristics but lack the ability to preserve common sequences within the traffic. Dutta et al [4] present a framework for simulating user bots by imitating the actions of real users and demonstrate its successful implementation for intrusion detection. While their work is based on predefined rules, we will approach a similar task with machine learning techniques that will allow an automated extraction of real user behavior.…”

Section: Traffic Generationmentioning

confidence: 99%

“…The "usefulness" of synthetic data has been validated by studies like [1][2][3][4]. In this study we examine the use of synthetic data on another type of data, network traffic data.…”

mentioning

confidence: 99%

Sequence Preserving Network Traffic Generation

Shaked,

Zamir,

Vainshtein

et al. 2020

Preprint

View full text Add to dashboard Cite

We present the Network Traffic Generator (NTG), a framework for perturbing recorded network traffic with the purpose of generating diverse but realistic background traffic for network simulation and what-if analysis in enterprise environments. The framework preserves many characteristics of the original traffic recorded in an enterprise, as well as sequences of network activities. Using the proposed framework, the original traffic flows are profiled using 200 cross-protocol features. The traffic is aggregated into flows of packets between IP pairs and clustered into groups of similar network activities. Sequences of network activities are then extracted. We examined two methods for extracting sequences of activities: a Markov model and a neural language model. Finally, new traffic is generated using the extracted model. We developed a prototype of the framework and conducted extensive experiments based on two real network traffic collections. Hypothesis testing was used to examine the difference between the distribution of original and generated features, showing that 30-100% of the extracted features were preserved. Small differences between n-gram perplexities in sequences of network activities in the original and generated traffic, indicate that sequences of network activities were well preserved.

show abstract

Simulated User Bots: Real Time Testing of Insider Threat Detection Systems

Cited by 11 publications

References 22 publications

Privacy and Synthetic Datasets

Privacy and Synthetic Datasets

A Structured Approach to Insider Threat Monitoring for Offensive Security Teams

Sequence Preserving Network Traffic Generation

Contact Info

Product

Resources

About