Using Genetic Algorithm to Minimize False Alarms in Insider Threats Detection of Information Misuse in Windows Environment

The insider threat detection problem has always been one of the most difficult challenges for organizations and the research community. Effective behavioral categorization of users plays a vital role in the success of any detection mechanism, and it also helps to reduce false alarms in the case of insider threats. To achieve this, a fuzzy classifier has been implemented together with a genetic algorithm (GA), which enhances the efficiency of the fuzzy classifier. The GA also enhances the functionality of all other modules, yielding better results in terms of false alarms. A scenario-driven approach, along with a mathematical evaluation, verifies the effectiveness of the modified framework. It has been tested for enterprises whose business is of a critical nature; other organizations can adopt it in accordance with their specific nature of business, needs, and operational processes. The results show that accurate classification and detection of users were achieved by adopting the modified framework, which in turn minimizes false alarms.
