A Framework for Data-Driven Physical Security and Insider Threat Detection

Mavroeidis, Vasileios; Vishi, Kamer; Jøsang, Audun

doi:10.1109/asonam.2018.8508599

Cited by 16 publications

(10 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, an ontology-based framework for improving physical security and insider threat detection [86] can also be useful considering it supports threat detection using rule-based anomaly detection, forensic data analysis for attack attribution and thwarts deception, reconstructing complex attack patterns for enriching and sharing intelligence, as well as continuous security compliance monitoring. Live, network, and memory forensics are useful in detecting the footprint of insider threats.…”

Section: Malicious Insiders In the Cloud Environmentmentioning

confidence: 99%

Impact and Key Challenges of Insider Threats on Organizations and Critical Businesses

et al. 2020

View full text Add to dashboard Cite

The insider threat has consistently been identified as a key threat to organizations and governments. Understanding the nature of insider threats and the related threat landscape can help in forming mitigation strategies, including non-technical means. In this paper, we survey and highlight challenges associated with the identification and detection of insider threats in both public and private sector organizations, especially those part of a nation’s critical infrastructure. We explore the utility of the cyber kill chain to understand insider threats, as well as understanding the underpinning human behavior and psychological factors. The existing defense techniques are discussed and critically analyzed, and improvements are suggested, in line with the current state-of-the-art cyber security requirements. Finally, open problems related to the insider threat are identified and future research directions are discussed.

show abstract

Section: Malicious Insiders In the Cloud Environmentmentioning

confidence: 99%

Impact and Key Challenges of Insider Threats on Organizations and Critical Businesses

et al. 2020

View full text Add to dashboard Cite

show abstract

“…So far, there is rare research on the rule-based anomaly detection method of cellular network except [8]. However, there are still many rule-based exception detection methods in other fields that are worth referring to, such as [9][10][11][12][13].…”

Section: Rule-based Methodsmentioning

confidence: 99%

Anomaly detection for cellular networks using big data analytics

Zhao

Zhang

et al. 2019

IET Communications

View full text Add to dashboard Cite

Large language models (LLMs) have shown their potential in long-context understanding and mathematical reasoning. In this paper, we study the problem of using LLMs to detect tabular anomalies and show that pre-trained LLMs are zeroshot batch-level anomaly detectors. That is, without extra distribution-specific model fitting, they can discover hidden outliers in a batch of data, demonstrating their ability to identify low-density data regions. For LLMs that are not well aligned with anomaly detection and frequently output factual errors, we apply simple yet effective datagenerating processes to simulate synthetic batchlevel anomaly detection datasets and propose an end-to-end fine-tuning strategy to bring out the potential of LLMs in detecting real anomalies. Experiments on a large anomaly detection benchmark (ODDS) showcase i) GPT-4 has on-par performance with the state-of-the-art transductive learning-based anomaly detection methods and ii) the efficacy of our synthetic dataset and fine-tuning strategy in aligning LLMs to this task.

show abstract

“…Another study by Zou et al [175] used the door and sensor data features to explore the use of the failure mode and effect analysis method. Mavroeidis et al [176] presented an ontological framework to improve physical security and insider threat detection using door access. Lastly, W. Meng et al [177] used Euclidean distance to judge a node's reputation and combed multisource logs, such as emails, websites, and camera usage.…”

Section: Physical Behaviorsmentioning

confidence: 99%

A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations

et al. 2020

View full text Add to dashboard Cite

Insider threat has become a widely accepted issue and one of the major challenges in cybersecurity. This phenomenon indicates that threats require special detection systems, methods, and tools, which entail the ability to facilitate accurate and fast detection of a malicious insider. Several studies on insider threat detection and related areas in dealing with this issue have been proposed. Various studies aimed to deepen the conceptual understanding of insider threats. However, there are many limitations, such as a lack of real cases, biases in making conclusions, which are a major concern and remain unclear, and the lack of a study that surveys insider threats from many different perspectives and focuses on the theoretical, technical, and statistical aspects of insider threats. The survey aims to present a taxonomy of contemporary insider types, access, level, motivation, insider profiling, effect security property, and methods used by attackers to conduct attacks and a review of notable recent works on insider threat detection, which covers the analyzed behaviors, machine-learning techniques, dataset, detection methodology, and evaluation metrics. Several real cases of insider threats have been analyzed to provide statistical information about insiders. In addition, this survey highlights the challenges faced by other researchers and provides recommendations to minimize obstacles.

show abstract

A Framework for Data-Driven Physical Security and Insider Threat Detection

Cited by 16 publications

References 12 publications

Impact and Key Challenges of Insider Threats on Organizations and Critical Businesses

Impact and Key Challenges of Insider Threats on Organizations and Critical Businesses

Anomaly detection for cellular networks using big data analytics

A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations

Contact Info

Product

Resources

About