Using PLSI-U to detect insider threats by datamining e-mail

Okolica, James S.; Peterson, Gilbert L.; Mills, Robert F.

doi:10.1504/ijsn.2008.017224

Cited by 27 publications

(17 citation statements)

References 6 publications

(3 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Maloof and Stephens [13] propose a detection tool for when insiders violate need-toknow restrictions that are in place within the organisation. Okolica et al [14] use Probabilistic Latent Semantic Indexing with Users to determine employee interests, which are used to form social graphs that can highlight insiders. Liu et al [15] propose a multilevel framework called SIDD (Sensitive Information Disseination Detection) that incorporates networklevel application identification, content signature generation and detection, and covert communication detection.…”

Section: Related Workmentioning

confidence: 99%

Automated Insider Threat Detection System Using User and Role-Based Profile Assessment

Legg

Buckley

Goldsmith

et al. 2017

IEEE Systems Journal

108

View full text Add to dashboard Cite

Abstract-Organisations are experiencing an ever-growing concern of how to identify and defend against insider threats. Those who have authorised access to sensitive organisational data are placed in a position of power that could well be abused and could cause significant damage to an organisation. This could range from financial theft and intellectual property theft, through to the destruction of property and business reputation. Traditional intrusion detection systems are not designed, nor are capable, of identifying those who act maliciously within an organisation. In this paper, we describe an automated system that is capable of detecting insider threats within an organisation. We define a tree-structure profiling approach that incorporates the details of activities conducted by each user and each job role, and then use this to obtain a consistent representation of features that provide a rich description of the user's behaviour. Deviation can be assessed based on the amount of variance that each user exhibits across multiple attributes, compared against their peers. We have performed experimentation using 10 synthetic data-driven scenarios and found that the system can identify anomalous behaviour that may be indicative of a potential threat. We also show how our detection system can be combined with visual analytics tools to support further investigation by an analyst.

show abstract

Section: Related Workmentioning

confidence: 99%

Automated Insider Threat Detection System Using User and Role-Based Profile Assessment

Legg

Buckley

Goldsmith

et al. 2017

IEEE Systems Journal

108

View full text Add to dashboard Cite

show abstract

“…The inside attackers are current or former employees who have certain knowledge about the system . A typical inside attacker is a curious DBA, who has full access to the DBMS server.…”

Section: Framework and Main Threatsmentioning

confidence: 99%

IP²DM: integrated privacy-preserving data management architecture for smart grid V2G networks

Han

Xiao

2016

Wirel. Commun. Mob. Comput.

View full text Add to dashboard Cite

With the development of battery vehicles, vehicle-to-grid (V2G) networks are becoming more and more important in smart grid. Although battery vehicles are environmentally friendly and flexible to use two-way communication and two-way electricity flow, they also raise privacy-preservation challenges, such as location and movement privacy. On the one hand, utility companies have to monitor the grid and analyze user data to control the power production, distribution, scheduling, and billing process, while typical users need to access their data later online. On the other hand, users are not willing to provide their personal data because they do not trust the system security of the utility companies where their data stored, and it may potentially expose their privacy. Therefore, in this paper, we study data management of V2G networks in smart grid with privacy-preservation to benefit both the customers and the utility companies. Both data aggregation and data publication of V2G networks are protected in the proposed architecture. To check its security, we analyze this architecture in several typical V2G networks attacks. We conduct several experiments to show that the proposed architecture is effective and efficient, and it can enhance user privacy protection while providing enough information for utility companies to analyze and monitor the grid.

show abstract

“…Maloof and Stephens [12] propose a detection tool for when insiders violate need-toknow restrictions that are in place within the organisation. Okolica et al [13] use Probabilistic Latent Semantic Indexing with Users to determine employee interests, which are used to form social graphs that can highlight insiders. Liu et al [14] propose a multilevel framework called SIDD (Sensitive Information Dissemination Detection) that incorporates networklevel application identification, content signature generation and detection, and covert communication detection.…”

Section: Related Workmentioning

confidence: 99%

Caught in the act of an insider attack: detection and assessment of insider threat

Legg

Buckley

Goldsmith

et al. 2015

2015 IEEE International Symposium on Technologies for Homeland Security (HST)

View full text Add to dashboard Cite

Abstract-The greatest asset that any organisation has are its people, but they may also be the greatest threat. Those who are within the organisation may have authorised access to vast amounts of sensitive company records that are essential for maintaining competitiveness and market position, and knowledge of information services and procedures that are crucial for daily operations. In many cases, those who have such access do indeed require it in order to conduct their expected workload. However, should an individual choose to act against the organisation, then with their privileged access and their extensive knowledge, they are well positioned to cause serious damage. Insider threat is becoming a serious and increasing concern for many organisations, with those who have fallen victim to such attacks suffering significant damages including financial and reputational. It is clear then, that there is a desperate need for more effective tools for detecting the presence of insider threats and analyzing the potential of threats before they escalate. We propose Corporate Insider Threat Detection (CITD), an anomaly detection system that is the result of a multi-disciplinary research project that incorporates technical and behavioural activities to assess the threat posed by individuals. The system identifies user and role-based profiles, and measures how users deviate from their observed behaviours to assess the potential threat that a series of activities may pose. In this paper, we present an overview of the system and describe the concept of operations and practicalities of deploying the system. We show how the system can be utilised for unsupervised detection, and also how the human analyst can engage to provide an active learning feedback loop. By adopting an accept or reject scheme, the analyst is capable of refining the underlying detection model to better support their decisionmaking process and significant reduce the false positive rate.

show abstract

Using PLSI-U to detect insider threats by datamining e-mail

Cited by 27 publications

References 6 publications

Automated Insider Threat Detection System Using User and Role-Based Profile Assessment

Automated Insider Threat Detection System Using User and Role-Based Profile Assessment

IP²DM: integrated privacy-preserving data management architecture for smart grid V2G networks

Caught in the act of an insider attack: detection and assessment of insider threat

Contact Info

Product

Resources

About

Using PLSI-U to detect insider threats by datamining e-mail

Cited by 27 publications

References 6 publications

Automated Insider Threat Detection System Using User and Role-Based Profile Assessment

Automated Insider Threat Detection System Using User and Role-Based Profile Assessment

IP2DM: integrated privacy-preserving data management architecture for smart grid V2G networks

Caught in the act of an insider attack: detection and assessment of insider threat

Contact Info

Product

Resources

About

IP²DM: integrated privacy-preserving data management architecture for smart grid V2G networks