Profiling file repository access patterns for identifying data exfiltration activities

Hu, Yi; Frank, Charles E.; Walden, James; Crawford, Elizabeth; Kasturiratna, Dhanuja

doi:10.1109/cicybs.2011.5949404

Cited by 8 publications

(10 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The proposed idea of this framework is more feasible to keep track of cyber security-based detection. The proposed approach is based on any unauthorized movement of data by insider threats [29]. It uses file repositories, which is the statistical method for authorized or legitimate users.…”

Section: Related Workmentioning

confidence: 99%

Insider Threat Detection Based on NLP Word Embedding and Machine Learning

Haq¹,

Khan²,

Alshehri³

2022

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

The growth of edge computing, the Internet of Things (IoT), and cloud computing have been accompanied by new security issues evolving in the information security infrastructure. Recent studies suggest that the cost of insider attacks is higher than the external threats, making it an essential aspect of information security for organizations. Efficient insider threat detection requires stateof-the-art Artificial Intelligence models and utility. Although significant have been made to detect insider threats for more than a decade, there are many limitations, including a lack of real data, low accuracy, and a relatively low false alarm, which are major concerns needing further investigation. In this paper, an attempt to fulfill these gaps by detecting insider threats with the novelties of the present investigation first developed two deep learning hybrid LSTM models integrated with Google's Word2vec LSTM (Long Short-Term Memory) GLoVe (Global Vectors for Word Representation) LSTM. Secondly, the performance of two hybrid DL models was compared with the state-of-the-art ML models such as XGBoost, Ada-Boost, RF (Random Forest), KNN (K-Nearest Neighbor) and LR (Logistics Regression). Thirdly, the present investigation bridges the gaps of using a real dataset, high accuracy, and significantly lower false alarm rate. It was found that ML-based models outperformed the DL-based ones. The results were evaluated based on earlier studies and deemed efficient at detecting insider threats using the real dataset.

show abstract

Section: Related Workmentioning

confidence: 99%

Insider Threat Detection Based on NLP Word Embedding and Machine Learning

Haq¹,

Khan²,

Alshehri³

2022

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

show abstract

Section: Related Workmentioning

confidence: 99%

“…Additionally, rule mining, feature analysis using the One-Class Support Vector Machine (OCSVM), and other cryptographic techniques including watermarking were used to detect an insider threat [29]. Furthermore, according to Hu et al [29], that a sizable portion of employees steal data when switching jobs. In other words, insider attackers who are authorised to access an organization's best-kept secrets provide a significant risk to organisational security.…”

Section: Related Workmentioning

confidence: 99%

Threats From Unintentional Insiders: An Assessment of an Organization’s Readiness Using Machine Learning

2022

View full text Add to dashboard Cite

Today's organisations are facing a number of challenges, one of the most significant of which is ensuring the safety of their digital data. This is as a result of the fact that they are frequently faced with internal and external threats that can put the data they have been entrusted with in jeopardy of being compromised. As a result of this, this study investigates the dimension of threats associated to unintentional internal user of an organisation and utilises NARX to model and test a detection scheme associated to the menace. In addition, this study aims to provide a better understanding of the current state of the threat landscape. The data adopted for this research is primarily a "user activity logs" dataset from CERT (release version r4.2). From the data, the study conceptualized "Access", "Motivation", and "Action" to be the key dimensions influencing "insider", whereas "Intent", "+Action", "Method", and "knowledge" are the key dimension influencing "threats". Experimental analyses conducted by NARX within several numbers of partitions of the data point to a good detection capacity, with the greatest value of R 2 coming in at 0.97. This indicates that NARX was able to detect the crucial dimension that was formulated for by the research to be the detections parameter of an inadvertent insider threat when operating under the best partition. In light of these findings, organisations can use the proposed approach to assess their preparedness for Insider attacks.

show abstract

“…The features of the user database and file access patterns have been studied by Hu et al [110] using statistical methods, a community anomaly detection system applying a relational framework [111], One-Class Support Vector Machine OCSVM to analyze features [112], rule mining [113], and cryptographic techniques and watermarking [114]. A probabilistic mechanism was used to re-encrypt files [115], the scoring function [116], the naive Bayes algorithm, and vector space model (VSM) [117].…”

Section: Cyber Activity Behaviormentioning

confidence: 99%

“…[ 35,45,[62][63][64][65][66][67][68]97,101,105,106,110,112,117,121,124,131,133,182,194] Time complexity…”

Section: Roc or Aucmentioning

confidence: 99%

A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations

et al. 2020

View full text Add to dashboard Cite

Insider threat has become a widely accepted issue and one of the major challenges in cybersecurity. This phenomenon indicates that threats require special detection systems, methods, and tools, which entail the ability to facilitate accurate and fast detection of a malicious insider. Several studies on insider threat detection and related areas in dealing with this issue have been proposed. Various studies aimed to deepen the conceptual understanding of insider threats. However, there are many limitations, such as a lack of real cases, biases in making conclusions, which are a major concern and remain unclear, and the lack of a study that surveys insider threats from many different perspectives and focuses on the theoretical, technical, and statistical aspects of insider threats. The survey aims to present a taxonomy of contemporary insider types, access, level, motivation, insider profiling, effect security property, and methods used by attackers to conduct attacks and a review of notable recent works on insider threat detection, which covers the analyzed behaviors, machine-learning techniques, dataset, detection methodology, and evaluation metrics. Several real cases of insider threats have been analyzed to provide statistical information about insiders. In addition, this survey highlights the challenges faced by other researchers and provides recommendations to minimize obstacles.

show abstract

Profiling file repository access patterns for identifying data exfiltration activities

Cited by 8 publications

References 6 publications

Insider Threat Detection Based on NLP Word Embedding and Machine Learning

Insider Threat Detection Based on NLP Word Embedding and Machine Learning

Threats From Unintentional Insiders: An Assessment of an Organization’s Readiness Using Machine Learning

A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations

Contact Info

Product

Resources

About