Statistical profiling and visualization for detection of malicious insider attacks on computer networks

Colombe, Jeffrey B.; Stephens, Gregory

doi:10.1145/1029208.1029231

Cited by 27 publications

(21 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…With the passage of time, too much information is displayed on the screen in various colors and sizes, and this can distract users, in turn leading to a decrease in detection efficiency Colombe and Stephens (2004); Samak et al (2008).…”

Section: How To Show: Visualization Methodsmentioning

confidence: 99%

Cylindrical Coordinates Security Visualization for multiple domain command and control botnet detection

Seo¹,

Lee

Han

2014

Computers & Security

View full text Add to dashboard Cite

Section: How To Show: Visualization Methodsmentioning

confidence: 99%

Cylindrical Coordinates Security Visualization for multiple domain command and control botnet detection

Seo¹,

Lee

Han

2014

Computers & Security

View full text Add to dashboard Cite

“…It includes tools that visually detect anomalies and possible attacks through pattern matching [7] or by using machine learning to check for anomalous behavior [1]. Other tools establish acceptable action patterns to easily detect anomalous patterns [17].…”

Section: Background Literaturementioning

confidence: 99%

“…Other tools establish acceptable action patterns to easily detect anomalous patterns [17]. These tools use visualizations like color maps [7] and different types of graphs like attack-pattern trees [1] or bipartite graphs [17].…”

Section: Background Literaturementioning

confidence: 99%

EEVi - framework for evaluating the effectiveness of visualization in cyber-security

Sethi

Paci

Wills

2016

2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)

View full text Add to dashboard Cite

Abstract-Cyber-security visualization is an up-and-coming area which aims to reduce security analysts' workload by presenting information as visual analytics rather than a string of text and characters. But the adoption of the resultant visualizations has not increased. The literature indicates a research gap of a lack of guidelines and standardized evaluation techniques for effective visualization in cyber-security, as a reason for it. Therefore, this research addresses the research gap by developing a framework called EEVi for effective cyber-security visualizations for the performed task. The term 'effective visualization' can be defined as the features of visualization that are crucial to perform a certain task successfully. EEVi has been developed by analyzing qualitative data that leads to the formation of cognitive relationships (called links) between data that act as guidelines for effective cyber-security visualization in terms of the performed task. The methodology to develop this framework can be applied to other fields to understand cognitive relationships between data. Additionally, the analysis presents a glimpse into the usage of EEVi in cyber-security visualization.

show abstract

“…KbM is an approach that has been widely used in addressing the problem of intruders [6], [7]. The process of detecting malicious insiders using the KbM is done by comparing activities that are performed by the user against predefined rules of the expected behavior.…”

Section: Related Workmentioning

confidence: 99%

Detecting a malicious insider in the cloud environment using sequential rule mining

Nkosi

Tarwireyi

Adigun

2013

2013 International Conference on Adaptive Science and Technology

View full text Add to dashboard Cite

Cloud computing is a growing paradigm that offers a lot of benefits to cloud users. Despite the potential benefits that cloud computing could offer to business and individuals, security remains one of the growing concerns that are hindering the adoption of this paradigm. Researchers have identified and dealt with many security threats to cloud computing. However, insider threats still remain as one of the major concerns. Threats from malicious insiders are often listed as dangerous threats by many researchers. However, this threat has not received the attention it deserves because many organizations turn out to be extra careful about external threats than insider threats. This paper discusses an approach that can help in identifying insiders behaving in a malicious way, which may lead to an attack. A rule learning algorithm was used in learning the behavior pattern of users, in order to build user profiles. A Matching algorithm was then used to match the historical behavior of the user with the current behavior, in order to identify users that masquerade in the system as normal users. The obtained results show that it was possible to identify insiders that masquerade in the system by observing their behavior patterns.

show abstract

Statistical profiling and visualization for detection of malicious insider attacks on computer networks

Cited by 27 publications

References 11 publications

Cylindrical Coordinates Security Visualization for multiple domain command and control botnet detection

Cylindrical Coordinates Security Visualization for multiple domain command and control botnet detection

EEVi - framework for evaluating the effectiveness of visualization in cyber-security

Detecting a malicious insider in the cloud environment using sequential rule mining

Contact Info

Product

Resources

About