Visualizing the insider threat: challenges and tools for identifying malicious user activity

Legg, Phil

doi:10.1109/vizsec.2015.7312772

Cited by 42 publications

(29 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…VisImpact correlates variables of purchase quarter (i.e., temporal details), fraud amount, and fraud count to reveal relationships among important factors. Legg [106] identifies insider threats in an organization by inspecting multidimensional data including the number of times that the user performs particular tasks, number of these activities that are new to this user and to any user in this same position.…”

Section: A Data Typesmentioning

confidence: 99%

“…When analyzing transaction behavior, categories derived from text help describe the relationship between a payer and a payee [108], [109], label different types of activities conducted by employees [106], and identify the type of state changes in a business process [100]. Text data is used to distinguish between senders, intermediates, and receivers in financial transactions, and to build profiles for analyzing their potential suspicious behaviors.…”

Section: A Data Typesmentioning

confidence: 99%

“…Specifically, the proxy for information flow is the probability flow of random walks in directed weighted networks. PCA is utilized for identifying insider threat [106] due to its effectiveness in detecting users that exhibit irregular variances across the set of derived features. An interactive PCA helps comprehend relationships between the PCA space and the original higher-dimensional space in a visual interface.…”

Section: B Anomaly Detection Techniquesmentioning

confidence: 99%

See 2 more Smart Citations

Visual Analytics of Anomalous User Behaviors: A Survey

Shi

Liu

Tong

et al. 2020

IEEE Trans. Big Data

View full text Add to dashboard Cite

The increasing accessibility of data provides substantial opportunities for understanding user behaviors. Unearthing anomalies in user behaviors is of particular importance as it helps signal harmful incidents such as network intrusions, terrorist activities, and financial frauds. Many visual analytics methods have been proposed to help understand user behaviorrelated data in various application domains. In this work, we survey the state of art in visual analytics of anomalous user behaviors and classify them into four categories including social interaction, travel, network communication, and transaction. We further examine the research works in each category in terms of data types, anomaly detection techniques, and visualization techniques, and interaction methods. Finally, we discuss findings and potential research directions.• We categorize four user behaviors, including social interaction, travel, network communication, and transaction based on the data collected from specific data sources. We extract four common data types from these four behaviors, including text, network, spatiotemporal information, and multidimensional data.• We review how research works use visualization techniques combined with interaction methods to analyze anomalous user behaviors. We extract six

show abstract

Section: A Data Typesmentioning

confidence: 99%

Section: A Data Typesmentioning

confidence: 99%

Section: B Anomaly Detection Techniquesmentioning

confidence: 99%

See 1 more Smart Citation

Visual Analytics of Anomalous User Behaviors: A Survey

Shi

Liu

Tong

et al. 2020

IEEE Trans. Big Data

View full text Add to dashboard Cite

show abstract

“…The textbooks by Marty [11] and Conti [4] also illustrate a number of different techniques for how visualization can help better understand the problems that exist within security. More recently, works such as [8], [10], [3] have all addressed how expert security analysts can visualize network or user activity data in large organisation environments. There are many different commercial and open-source tools available online for monitoring and analysing network activity.…”

Section: Introductionmentioning

confidence: 99%

Enhancing cyber situation awareness for Non-Expert Users using visual analytics

Legg

2016

2016 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)

Self Cite

View full text Add to dashboard Cite

“…The textbooks by Marty (Marty, 2008) and Conti (Conti, 2007) also illustrate a number of different techniques for how visualization can help better understand the problems that exist within security. More recently, works such as (Gray, 2015), (Legg, 2015), (Cappers, 2015) have all addressed how expert security analysts can visualize network or user activity data in large organisation environments. There are many different commercial and open-source tools available online for monitoring and analysing network activity.…”

Section: Introductionmentioning

confidence: 99%

Visual Analytics for Non-Expert Users in Cyber Situation Awareness

Legg¹

2016

IJCSA

View full text Add to dashboard Cite

Situation awareness is often described as the perception and comprehension of the current situation, and the projection of future status. Whilst this may be well understood in an organisational cybersecurity context, there is a strong case to be made for effective cybersecurity situation awareness that is tailored to the needs of the Non-Expert User (NEU). Our online usage habits are rapidly evolving with smartphones and tablets being widely used to access resources online. In order for NEUs to remain safe online, there is a need to enhance awareness and understanding of cybersecurity concerns, such as how devices may be acting online, and what data is being shared between devices. In this paper, we extend our proposal of the Enhanced Personal Situation Awareness (ePSA) framework to consider the key details of cyber situation awareness that would be of concern to NEUs, and we consider how such information can be effectively conveyed using a visual analytic approach. We present the design of our visual analytics approach to show how this can represent the key details of cyber situation awareness whilst maintaining a simple and clean design scheme so as to not result in information-overload for the user. The guidance developed through the course of this work can help practitioners develop tools that could help NEUs better understand their online actions, with the aim of giving users greater control and safer experiences when their personal devices are acting online.

show abstract

Visualizing the insider threat: challenges and tools for identifying malicious user activity

Cited by 42 publications

References 20 publications

Visual Analytics of Anomalous User Behaviors: A Survey

Visual Analytics of Anomalous User Behaviors: A Survey

Enhancing cyber situation awareness for Non-Expert Users using visual analytics

Visual Analytics for Non-Expert Users in Cyber Situation Awareness

Contact Info

Product

Resources

About