Automated Insider Threat Detection System Using User and Role-Based Profile Assessment

Bibliographic Details
Published in: IEEE systems journal 2017-06, Vol.11 (2), p.503-512
Main Authors: Legg, Philip A., Buckley, Oliver, Goldsmith, Michael, Creese, Sadie
Format: Article
Language: English
container_end_page 512
container_issue 2
container_start_page 503
container_title IEEE systems journal
container_volume 11
creator Legg, Philip A.
Buckley, Oliver
Goldsmith, Michael
Creese, Sadie
description Organizations are experiencing an ever-growing concern of how to identify and defend against insider threats. Those who have authorized access to sensitive organizational data are placed in a position of power that could well be abused and could cause significant damage to an organization. This could range from financial theft and intellectual property theft to the destruction of property and business reputation. Traditional intrusion detection systems are neither designed nor capable of identifying those who act maliciously within an organization. In this paper, we describe an automated system that is capable of detecting insider threats within an organization. We define a tree-structure profiling approach that incorporates the details of activities conducted by each user and each job role and then use this to obtain a consistent representation of features that provide a rich description of the user's behavior. Deviation can be assessed based on the amount of variance that each user exhibits across multiple attributes, compared against their peers. We have performed experimentation using ten synthetic data-driven scenarios and found that the system can identify anomalous behavior that may be indicative of a potential threat. We also show how our detection system can be combined with visual analytics tools to support further investigation by an analyst.
doi_str_mv 10.1109/JSYST.2015.2438442
format article
publisher New York: IEEE
rights Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2017
coden ISJEB2
date 2017-06-01
tpages 10
oa free_for_read
toplevel peer_reviewed
identifier ISSN: 1932-8184
ispartof IEEE systems journal, 2017-06, Vol.11 (2), p.503-512
issn 1932-8184
1937-9234
language eng
recordid cdi_ieee_primary_7126970
source IEEE Xplore (Online service)
subjects Analytics
Anomaly detection
Automation
Computer security
cyber security
Cybersecurity
Damage
Destruction
Electronic mail
Experimentation
Feature extraction
insider threat
Intellectual property
Intrusion detection systems
Organizations
Psychology
Theft
title Automated Insider Threat Detection System Using User and Role-Based Profile Assessment