2018
DOI: 10.1007/978-3-030-00828-4_43

An Insider Threat Detection Method Based on User Behavior Analysis

Abstract: Insider threat has always been an important hidden danger of information system security, and the detection of insider threat is the main concern of information system organizers. Before the anomaly detection, the process of feature extraction often causes a part of information loss, and the detection of insider threats in a single time point often causes false positives. Therefore, this paper proposes a user behavior analysis model, by aggregating user behavior in a period of time, comprehensively characteriz…

Cited by 11 publications (3 citation statements)
References 10 publications

“…Still, there are general approaches that are used very often such as bagging [31], boosting, [32,33], and rule engines [34][35][36]. Random Forests (RF) are one of the most widely used methods, either because they are an established method and included in various machine learning tools [8,27], used as a benchmark [2], or used in an ensemble together with other methods such as in [37].…”
Section: Results (mentioning)
confidence: 99%
“…Jiang et al [20] have tried to extract the significant features that often cause organization information loss (attack) from much-related research. The "XGBoost" algorithm is used to identify the insider threat by aggregating the proposed significant feature with user behavior simultaneously.…”
Section: "An Insider Threat Detection Methods Based On User Behavior ..." (mentioning)
confidence: 99%
“…A technique using LSTM-CNN algorithm has been shown to identify user anomalous behavior in [5], by monitoring user activities and extracting temporal features. While in [6], detection algorithm XGBoost has been used and behavior characteristic features are extracted from audit logs. Technique proposed in [7] extracted features and fields from user behavior logs for behavior auditing, and then these log files are used to train the Improved Hidden Markov Model (IHMM) for detection of malicious behavior.…”
Section: User Behavior Based Insider Detection Techniques (mentioning)
confidence: 99%