Detecting Anomalous Insiders in Collaborative Information Systems

Chen, You; Nyemba, Steve; Malin, Bradley

doi:10.1109/tdsc.2012.11

Cited by 79 publications

(47 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The goal of these questions is to determine if the findings of the study are replicable. Five studies have a low risk of bias -Chen et al [13], Eberie et al [34], Parveen et al [12], Raissi-Dehkordi et al [21], and Yu et al [23] and the remaining eight studies have a high risk of bias (Table 4, Fig. 14).…”

Section: Publication Qualitymentioning

confidence: 99%

“…Figure 5 shows the number of selected papers used these feature vectors. A total of 35 studies were included in this survey [12][13][14][15][16][17][18][19][20][21][22][23][24]. Table 2 presents the features that belong to these domains and the sources of information for each feature domain.…”

Section: B) Opportunitymentioning

confidence: 99%

“…However, none of these citation papers use the IDPAs presented in these research papers. The most cited papers are: Chen et al [13] and Brdiczka et al [24].…”

Section: Comparative Analysis Of Various Idpasmentioning

confidence: 99%

See 2 more Smart Citations

Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis

2016

View full text Add to dashboard Cite

Cyber security is vital to the success of today's digital economy. The major security threats are coming from within, as opposed to outside forces. Insider threat detection and prediction are important mitigation techniques. This study addresses the following research questions: 1) what are the research trends in insider threat detection and prediction nowadays? 2) What are the challenges associated with insider threat detection and prediction? 3) What are the best-to-date insider threat detection and prediction algorithms? We conduct a systematic review of 37 articles published in peer-reviewed journals, conference proceedings and edited books for the period of 1950-2015 to address the first two questions. Our survey suggests that game theoretic approach (GTA) is a popular source of insider threat data; the insiders' online activities are the most widely used features in insider threat detection and prediction; most of the papers use single point estimates of threat likelihood; and graph algorithms are the most widely used tools for detecting and predicting insider threats. The key challenges facing the insider threat detection and prediction system include unbounded patterns, uneven time lags between activities, data nonstationarity, individuality, collusion attacks, high false alarm rates, class imbalance problem, undetected insider attacks, uncertainty, and the large number of free parameters in the model. To identify the best-to-date insider threat detection and prediction algorithms, our meta-analysis study excludes theoretical papers proposing conceptual algorithms from the 37 selected papers resulting in the selection of 13 papers. We rank the insider threat detection and prediction algorithms presented in the 13 selected papers based on the theoretical merits and the transparency of information. To determine the significance of rank sums, we perform "the Friedman two-way analysis of variance by ranks" test and "multiple comparisons between groups or conditions" tests.

show abstract

Section: Publication Qualitymentioning

confidence: 99%

Section: B) Opportunitymentioning

confidence: 99%

See 1 more Smart Citation

Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis

2016

View full text Add to dashboard Cite

show abstract

“…Chen and colleagues described the application of relational data mining to detect anomalies in the accesses to communities information systems [179]. The study by Peissig and colleagues used Inductive Logic Programming (ILP) -a method that infers an hypothesis from the analysis of the background knowledge and examples -to derive phenotypes from EHR data [180].…”

Section: G Mining Structured Clinical Datamentioning

confidence: 99%

Clinical Data Reuse or Secondary Use: Current Status and Potential Future Progress

Meystre¹,

Lovis²,

Bürkle³

et al. 2017

Yearb Med Inform

View full text Add to dashboard Cite

SummaryObjective: To perform a review of recent research in clinical data reuse or secondary use, and envision future advances in this field. Methods: The review is based on a large literature search in MEDLINE (through PubMed), conference proceedings, and the ACM Digital Library, focusing only on research published between 2005 and early 2016. Each selected publication was reviewed by the authors, and a structured analysis and summarization of its content was developed. Results: The initial search produced 359 publications, reduced after a manual examination of abstracts and full publications. The following aspects of clinical data reuse are discussed: motivations and challenges, privacy and ethical concerns, data integration and interoperability, data models and terminologies, unstructured data reuse, structured data mining, clinical practice and research integration, and examples of clinical data reuse (quality measurement and learning healthcare systems). Conclusion: Reuse of clinical data is a fast-growing field recognized as essential to realize the potentials for high quality healthcare, improved healthcare management, reduced healthcare costs, population health management, and effective clinical research.

show abstract

“…The access control decision function (DF ) (Definition 23) takes the access request (Q) (Definition 21) as an input and returns a Boolean value presenting the access control decision. The pre-condition for the success of DF is as shown in (21) and (22). In the worst case, the complexity of WBAC's DF is O(card(act r (usr)) + (card(w) × card(team member ))).…”

Section: Wbac Performance Analysismentioning

confidence: 99%

Work-Based Access Control Model for Cooperative Healthcare Environments: Formal Specification and Verification

Abomhara

Yang

Køien

et al. 2017

J Healthc Inform Res

View full text Add to dashboard Cite

In this study, an access control model for cooperative healthcare environments is presented. A work-based access control (WBAC) model is proposed by introducing the concept of team role classification based on Belbin team role theory and modifying the user-role assignment model from previous work. Roles are used in conjunction with team roles to handle access control in dynamic collaborative environments. To evaluate and analyze the security, efficiency, and practicality of the proposed model, we first formalize the model (events and policies), define the basic element set and relations in the WBAC model, present the WBAC authorization constraints, and define the WBAC access control decision function. Second, we evaluate the model's security and manageability validity to ensure that the security and management requirements of our WBAC model are met. Finally, we evaluate the performance of the proposed model and compare it with relevant existing models.

show abstract

Detecting Anomalous Insiders in Collaborative Information Systems

Cited by 79 publications

References 51 publications

Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis

Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis

Clinical Data Reuse or Secondary Use: Current Status and Potential Future Progress

Work-Based Access Control Model for Cooperative Healthcare Environments: Formal Specification and Verification

Contact Info

Product

Resources

About