    Anomaly-Based Insider Threat Detection Using Deep Autoencoders
    Citations: 53 | References: 24 | Related papers: 10
    Abstract:
    In recent years, the malicious insider threat has become one of the most significant cyber security threats that an organisation can be subject to. Due to an insider's natural ability to evade deployed information security mechanisms such as firewalls and endpoint protections, the detection of an insider threat can be challenging. Moreover, compared to the volume of audit data that an organization collects for the purpose of intrusion/anomaly detection, the digital footprint left by a malicious insider's action can be minuscule. To detect insider threats from large and complex audit data, in this paper, we propose a detection system that implements anomaly detection using an ensemble of deep autoencoders. Each autoencoder in the ensemble is trained using a certain category of audit data, which represents a user's normal behaviour accurately. The reconstruction error obtained between the original and the decoded data is used to measure whether any behaviour is anomalous or not. After the data has been processed by the individually trained autoencoders and the respective reconstruction errors obtained, a joint decision-making mechanism is used to report a user's overall maliciousness score. Numerical experiments are conducted using a benchmark dataset for insider threat detection. Results indicate that the proposed detection system is able to detect all of the malicious insider actions with a reasonable false positive rate.
    Keywords:
    Insider threat
    Benchmark (surveying)
    The insider threat has grown to be a broadly conventional problem, and it has become the most predominant demanding situation in the field of cybersecurity. This system shows that threats require a unique method of detection, techniques, and various tools that can simplify correct and speedy malicious insider detection. As insiders live at the back of the organizational level and regularly have access to the network, detection and prevention of insider threats become very complicated. Later, a few issues are brought up based on the findings from the examined work, and new gaps and difficult circumstances are identified. This paper represents an up-to-date review of all major machine learning algorithms employed for detecting insider threats. Moreover, various issues involved during the formulation of multiple algorithms for detecting insider threats are discussed.
    Insider threat
    After completing this session, you should be able to: Describe the Insider Threat; Characterize the cyber insider threat; Describe preventive measures against the insider threat; Describe protective measures against the insider threat.
    Insider threat
    Citations (0)
    Abstract: Organisations face many threats that can be coarsely separated into inside threats and outside threats. Threats from insiders are especially hard to counter since insiders have special knowledge and privileges. Therefore, malicious insider actions are hard to distinguish from benign actions. After discussing new definitions of insiders and insider threats, this article gives an overview of how to mitigate insider threats and discusses conflicting goals when dealing with insider threats.
    Insider threat
    Citations (0)
    Almost all systems all over the world suffer from outsider and insider attacks. Outsider attacks are those that come from outside the system; insider attacks, however, are those that are launched by insiders of the system. In this paper we concentrate on insider attack detection at the application level; databases are our focus. Insider attacks differ from outsider attacks in many ways; most importantly, insiders have more knowledge about the underlying systems. Because of their knowledge and their privileges over system resources, their risk can be greater and more severe. In fact, insiders can find vulnerabilities in the system easily. Several techniques have been proposed that tackle the insider threat problem, but most of them concentrate on insider threat detection at the computer system level. We describe a method for insider threat detection in database systems that handles entrants on the role of insiders for such attacks. Our simulation results show resistance against such attacks. Also, our results show good performance in terms of reducing false alarms to the minimum.
    Insider threat
    Citations (6)
    Insider threat research and modeling has focused on the individual and the prediction of an insider threat incident. The majority of these models are statistical with inputs from psychological and social (work environment) assessments. These statistical analyses tend toward trend projections using various regression models. The modeling presented in this paper implements the agent-based paradigm that is designed to explore the primary elements of an insider threat. Specifically, the insider (represented as an agent) interacts with other employees and the organization (also represented as agents) in an environment that provides the opportunity and necessary access to become an insider threat. The specific research question we seek to answer is: how and when does an insider who is predisposed to being a threat make the decision to become an active insider threat? The model met the research objective: capture insider threat behavior given the set of assumptions governing agent behavior.
    Insider threat
    Citations (2)
    A study of cyber-attack incidents emanating from insiders identifies some characteristics of the malicious user, including trust, attacks on hardware, software and network, and vulnerabilities of threat. Among the research that has been conducted, insider trust is identified as a critical characteristic, where the trust of an insider is categorized as a major potential to attack system information with either high, medium or low risk of access to sensitive documents. Trust characteristics are hard to analyze due to differing human behaviour. Thus, a survey was conducted that includes hypotheses to support the investigation of insider threat characteristics. To obtain the result of finding prominent insider trust criteria, a regression analysis is used to get the actual value. A survey was distributed to multiple user roles of three systems, namely the e-Plantation System (ePS), eCampus System (eCampus) and Human Resources Management System (eHRMS). The outcome of this study demonstrates that skill and experience are two prominent factors that mainly influence the characteristic of insider trust.
    Insider threat
    Citations (0)
    Abstract: An insider, also regarded as an employee of a company, becomes a threat when the intention or action can affect the company negatively. Insider threat has been an eminent problem in organizations that has resulted in the loss of trust, confidential data and information. This study seeks to review current existing techniques for insider threat detection and also proffers machine learning techniques as the way forward for insider threat detection.
    Insider threat
    Insider trading
    Affect
    Abstract: Insider threat is rapidly becoming the largest information security problem that organizations face. With large numbers of personnel having access to internal systems, it is becoming increasingly difficult to protect organizations from malicious insiders. The typical methods of mitigating insider threat are simply not working, primarily because this threat is a people problem, and most mitigation strategies are geared towards profiling and anomaly detection, which are problematic at best. As a result, a new type of model is proposed in this thesis, one that incorporates risk management with human behavioral science. The new risk-based model focuses on observable influences that affect employees, and identifies employees with increased risk of becoming malicious insiders. The model's primary purpose is to differentiate malicious and non-malicious employees. This research details the need for the model, the model's components, and how it works. The model is tested using an in-depth case study on Robert Hanssen, the FBI's double agent who sold the Soviets secrets for more than 20 years. Implemented with the right tool, the new model has great potential for use by security personnel in their efforts to mitigate insider threat damage.
    Insider threat
    Profiling (computer programming)
    Cyber threats
    Citations (5)