论文信息 - Detecting Insider Threats Using RADISH: A System for Real-Time Anomaly Detection in Heterogeneous Data Streams

Detecting Insider Threats Using RADISH: A System for Real-Time Anomaly Detection in Heterogeneous Data Streams

We present a scalable system for high-throughput real-time analysis of heterogeneous data streams. Our architecture enables incremental development of models for predictive analytics and anomaly detection as data arrives into the system. In contrast with batch data-processing systems, such as Hadoop, that can have high latency, our architecture allows for ingest and analysis of data on the fly, thereby detecting and responding to anomalous behavior in near real time. This timeliness is important for applications such as insider threat, financial fraud, and network intrusions. We demonstrate an application of this system to the problem of detecting insider threats, namely, the misuse of an organization's resources by users of the system and present results of our experiments on a publicly available insider threat dataset.

[1] Joshua Glasser,et al. Bridging the Gap: A Pragmatic Approach to Generating Insider Threat Data , 2013, 2013 IEEE Security and Privacy Workshops.

[2] Randall F. Trzeciak,et al. Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector , 2012 .

[3] VARUN CHANDOLA,et al. Anomaly detection: A survey , 2009, CSUR.

[4] Jon Louis Bentley,et al. Decomposable Searching Problems I: Static-to-Dynamic Transformation , 1980, J. Algorithms.

[5] Jon Louis Bentley,et al. Multidimensional binary search trees used for associative searching , 1975, CACM.

[6] Jay Kreps,et al. Kafka : a Distributed Messaging System for Log Processing , 2011 .

[7] Bilegsaikhan Naidan,et al. Static-to-dynamic transformation for metric indexing structures (extended version) , 2014, Inf. Syst..

[8] Oliver Brdiczka,et al. Multi-Domain Information Fusion for Insider Threat Detection , 2013, 2013 IEEE Security and Privacy Workshops.

[9] James Andrew Lewis,et al. The economic impact of cybercrime and cyber espionage , 2013 .