Study on user behavior profiling in insider threat detection

Bibliographic Details
Main Authors: Yuanbo GUO, Chunhui LIU, Jing KONG, Yifeng WANG
Format: Article
Language: zho
Published: Editorial Department of Journal on Communications 2018-12-01
Series: Tongxin xuebao
Online Access: http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2018282/
Description
Summary: Behavior profiling techniques that use unlabeled historical data to build a model of normal behavior are an effective way to detect insider attackers. The state-of-the-art labeled profile methods extract features manually and process data with simple statistical methods, so their incomplete behavior models lack detail. An automated feature extraction and full-detail behavior profiling method was proposed, together with a method for splitting behavior sequences and predicting business state transitions. Combining these two methods, an insider threat detection framework was established, which improved detection accuracy. In experiments on the CMU-CERT data set, the AUC (area under curve) score was 0.88 and the F1 score was 0.925. With this better performance, the framework can be used to detect insider threats.
ISSN: 1000-436X