Problems originating inside an organization’s perimeter are a significant threat, since it is very difficult to differentiate them from outside activity. In this dissertation, we evaluate an insider threat detection method on its ability to detect different types of scenarios that had not previously been identified or contemplated by the developers of the system. We show that it detects a large variety of insider threat scenario instances. We report results of an ensemble-based, unsupervised technique for detecting potential insider threats that achieves robust results across insider threat scenarios. We explore factors that contribute to the success of the ensemble method, such as the number and variety of unsupervised detectors and the use of existing knowledge encoded in scenario-based detectors built for different known activity patterns. We report results of the ensemble approach over the entire period, and of ablation experiments that remove the scenario-based detectors.
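The combination described above, as an added illustration rather than the dissertation's own code: several unsupervised detectors and one scenario-based detector are scored over constructed per-user activity features, normalized, and averaged, and the ablation compares the ensemble with and without the scenario-based detector. The feature names, user data and the rule encoded in the scenario detector are assumptions made for this example.

```python
import statistics

# Constructed per-user daily feature vectors (example data, not the dissertation's):
# logons, files copied to removable media, after-hours logons, outbound attachments.
FEATURES = ("logons", "usb_files", "afterhours", "email_attach")
USERS = {
    "u01": (9, 0, 0, 2), "u02": (10, 1, 0, 3), "u03": (8, 0, 1, 2),
    "u04": (11, 0, 0, 1), "u05": (9, 0, 0, 2), "u06": (10, 1, 1, 3),
    "u07": (12, 0, 0, 2), "u08": (9, 0, 0, 3),
    "u09": (10, 14, 6, 2),  # constructed: bulk USB copying after hours
    "u10": (9, 0, 0, 25),   # constructed: burst of outbound attachments
}

def zscore_detector(feature):
    """Unsupervised detector: distance of each user's value from the population."""
    idx = FEATURES.index(feature)
    vals = [v[idx] for v in USERS.values()]
    mu, sd = statistics.mean(vals), statistics.pstdev(vals) or 1.0
    return {u: abs(v[idx] - mu) / sd for u, v in USERS.items()}

def exfil_scenario_detector():
    """Scenario-based detector encoding one known pattern (assumed here):
    removable-media copying combined with after-hours activity."""
    return {u: float(v[1] >= 5 and v[2] >= 1) for u, v in USERS.items()}

def normalize(scores):
    """Scale one detector's scores to [0, 1] so detectors with different units are comparable."""
    top = max(scores.values()) or 1.0
    return {u: s / top for u, s in scores.items()}

def ensemble(detectors):
    """Average the normalized output of every detector; higher means more suspicious."""
    normed = [normalize(d()) for d in detectors]
    return {u: statistics.mean(n[u] for n in normed) for u in USERS}

UNSUPERVISED = [lambda f=f: zscore_detector(f) for f in FEATURES]
FULL = UNSUPERVISED + [exfil_scenario_detector]

def top_k(detectors, k=2):
    """Users the ensemble ranks most suspicious; the ablation compares FULL with UNSUPERVISED."""
    agg = ensemble(detectors)
    return sorted(agg, key=agg.get, reverse=True)[:k]

if __name__ == "__main__":
    print("unsupervised only:", top_k(UNSUPERVISED))
    print("with scenario detector:", top_k(FULL))
```

With this data both configurations surface the same two users; the scenario detector raises the score of the user whose behaviour matches its encoded pattern and lowers the score of the one it does not cover, which is the kind of shift the ablation experiments measure.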