Full-featured information equalization modeling for insider threat detection

Cited by: 0
Authors
Liu Y. [1 ]
Luo S.-L. [1 ]
Qu L.-W. [1 ]
Pan L.-M. [1 ]
Zhang J. [1 ]
Affiliation
[1] School of Information and Electronics, Beijing Institute of Technology, Beijing
Keywords
Anomaly detection; Behavior log; Cross-grouping; Insider threat; Isolation forest algorithm;
DOI
10.3785/j.issn.1008-973X.2019.04.019
Abstract
A method that uses full-featured information equalization modeling for insider threat detection is proposed to address two current problems: the low accuracy of insider threat detection and the incomplete use of the feature information contained in high-dimensional data. Features are extracted and constructed from the multi-source data generated within the organization. All features are then cross-grouped, and the cross-grouped features are used to build an isolation forest model, which improves the balance with which data feature information is used during model building. The resulting isolation forest model is used for insider threat detection. Experimental results show that the method achieves a higher F1 score on the CERT-IT (v4.2) insider threat data set and that the algorithm is efficient; it can therefore be used effectively for insider threat detection. © 2019, Zhejiang University Press. All rights reserved.
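The abstract gives the pipeline (extract per-user features from multi-source logs, cross-group the features, build isolation forests on the groups, score for anomalies) but not the grouping rule. The following is an added example, not the paper's code or data: it implements a plain isolation forest in pure Python and assumes, for illustration, that cross-grouping means every size-3 subset of the feature set forms one group, so each feature takes part in many forests and no single feature dominates model building, with per-group scores averaged. The feature names and the 61 constructed user-day vectors (60 ordinary days plus one planted insider day) are assumptions as well.

```python
"""Insider-threat anomaly scoring with cross-grouped isolation forests.

Added example, not the paper's implementation. Feature names, the grouping
scheme (all size-k feature subsets, mean of group scores) and the sample
log-derived vectors are constructed assumptions for illustration.
"""
import itertools
import math
import random

# Hypothetical per-user-day counts derived from logon, device, file,
# e-mail and web logs (an assumption, not the paper's feature set).
FEATURES = ["logons", "after_hours_logons", "usb_connects",
            "files_copied", "external_emails", "http_visits"]


def c_factor(n):
    """Average path length of an unsuccessful BST search over n points
    (the normalisation term of the isolation forest anomaly score)."""
    if n <= 1:
        return 0.0
    harmonic = math.log(n - 1) + 0.5772156649
    return 2.0 * harmonic - 2.0 * (n - 1) / n


def build_tree(rows, cols, rng, depth, max_depth):
    """Isolate rows by random axis-aligned splits restricted to feature
    indices in cols; stop at max_depth or when nothing is left to split."""
    if depth >= max_depth or len(rows) <= 1:
        return {"size": len(rows)}
    usable = []  # columns that still vary inside this node
    for col in cols:
        vals = [r[col] for r in rows]
        if min(vals) < max(vals):
            usable.append((col, min(vals), max(vals)))
    if not usable:
        return {"size": len(rows)}
    col, lo, hi = rng.choice(usable)
    split = rng.uniform(lo, hi)
    left = [r for r in rows if r[col] < split]
    right = [r for r in rows if r[col] >= split]
    return {"col": col, "split": split,
            "left": build_tree(left, cols, rng, depth + 1, max_depth),
            "right": build_tree(right, cols, rng, depth + 1, max_depth)}


def path_length(row, node, depth=0):
    """Depth at which row is isolated, plus c(size) for an unresolved leaf."""
    if "col" not in node:
        return depth + c_factor(node["size"])
    child = node["left"] if row[node["col"]] < node["split"] else node["right"]
    return path_length(row, child, depth + 1)


def forest_scores(rows, cols, n_trees, rng):
    """Anomaly score s = 2^(-E[h(x)] / c(n)) for one feature group."""
    max_depth = math.ceil(math.log2(max(len(rows), 2)))
    trees = [build_tree(rows, cols, rng, 0, max_depth) for _ in range(n_trees)]
    norm = c_factor(len(rows))
    scores = []
    for r in rows:
        avg = sum(path_length(r, t) for t in trees) / n_trees
        scores.append(2 ** (-avg / norm))
    return scores


def cross_grouped_scores(rows, group_size=3, n_trees=30, seed=7):
    """Assumed cross-grouping: every size-k subset of the features is a group,
    one forest per group, final score = mean over groups."""
    rng = random.Random(seed)
    groups = list(itertools.combinations(range(len(FEATURES)), group_size))
    total = [0.0] * len(rows)
    for g in groups:
        for i, s in enumerate(forest_scores(rows, list(g), n_trees, rng)):
            total[i] += s
    return [t / len(groups) for t in total]


def make_sample_data(seed=1):
    """Constructed data: 60 ordinary user-days plus one planted insider day."""
    rng = random.Random(seed)
    rows = [[rng.randint(1, 4), rng.randint(0, 1), rng.randint(0, 1),
             rng.randint(0, 5), rng.randint(0, 2), rng.randint(20, 80)]
            for _ in range(60)]
    # Planted insider day: after-hours logons, many USB connects, mass file
    # copying and a burst of external mail; logons and web use look normal.
    rows.append([3, 6, 9, 120, 25, 45])
    return rows


def top_anomaly(scores):
    """Index of the highest-scoring user-day."""
    return max(range(len(scores)), key=lambda i: scores[i])


if __name__ == "__main__":
    data = make_sample_data()
    scores = cross_grouped_scores(data)
    idx = top_anomaly(scores)
    print(f"most anomalous user-day: row {idx}, score {scores[idx]:.3f}")
```

With six features and groups of three, every group contains at least one of the four features the planted row deviates on, so the row is isolated near the root in each group's forest and its averaged score separates cleanly from the ordinary days; a real deployment would evaluate such scores against labelled CERT-IT scenarios with precision, recall and F1 rather than a single planted example.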
Pages: 777-784
Page count: 7