Study on user behavior profiling in insider threat detection
Behavior profiling technic using no-labeled historical data to build normal behavior model is an effective way to detect insider attackers. The state-of-the-art labeled profile methods extract features artificially and process data by simple statistical methods, whose incomplete behavior model lacks...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2018-12-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2018282/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539405063389184 |
|---|---|
| author | Yuanbo GUO Chunhui LIU Jing KONG Yifeng WANG |
| author_facet | Yuanbo GUO Chunhui LIU Jing KONG Yifeng WANG |
| author_sort | Yuanbo GUO |
| collection | DOAJ |
| description | Behavior profiling technic using no-labeled historical data to build normal behavior model is an effective way to detect insider attackers. The state-of-the-art labeled profile methods extract features artificially and process data by simple statistical methods, whose incomplete behavior model lacks details. An automated feature extracting and full-detail behavior profiling method as well as a behavior sequence splitting and business state transition predicting way was proposed. Combining above two methods, an insider threats detection framework was established, which improved detection accuracy. Experimenting with CMU-CERT data set, AUC (area under curve) score was 0.88 and F1 score was 0.925. With the better performance, it can be used in detecting insider threats. |
| format | Article |
| id | doaj-art-123b8bf0a4e14e1e9e3fbb6a363fce48 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2018-12-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-123b8bf0a4e14e1e9e3fbb6a363fce482025-01-14T07:16:00ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2018-12-013914115059722521Study on user behavior profiling in insider threat detectionYuanbo GUOChunhui LIUJing KONGYifeng WANGBehavior profiling technic using no-labeled historical data to build normal behavior model is an effective way to detect insider attackers. The state-of-the-art labeled profile methods extract features artificially and process data by simple statistical methods, whose incomplete behavior model lacks details. An automated feature extracting and full-detail behavior profiling method as well as a behavior sequence splitting and business state transition predicting way was proposed. Combining above two methods, an insider threats detection framework was established, which improved detection accuracy. Experimenting with CMU-CERT data set, AUC (area under curve) score was 0.88 and F1 score was 0.925. With the better performance, it can be used in detecting insider threats.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2018282/behavior sequenceprofiling extractioninsider threathidden Markov model |
| spellingShingle | Yuanbo GUO Chunhui LIU Jing KONG Yifeng WANG Study on user behavior profiling in insider threat detection Tongxin xuebao behavior sequence profiling extraction insider threat hidden Markov model |
| title | Study on user behavior profiling in insider threat detection |
| title_full | Study on user behavior profiling in insider threat detection |
| title_fullStr | Study on user behavior profiling in insider threat detection |
| title_full_unstemmed | Study on user behavior profiling in insider threat detection |
| title_short | Study on user behavior profiling in insider threat detection |
| title_sort | study on user behavior profiling in insider threat detection |
| topic | behavior sequence profiling extraction insider threat hidden Markov model |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2018282/ |
| work_keys_str_mv | AT yuanboguo studyonuserbehaviorprofilingininsiderthreatdetection AT chunhuiliu studyonuserbehaviorprofilingininsiderthreatdetection AT jingkong studyonuserbehaviorprofilingininsiderthreatdetection AT yifengwang studyonuserbehaviorprofilingininsiderthreatdetection |