Graph Based Framework for Malicious Insider Threat Detection

While most security work has focused on fending off attacks from outside the organizational boundary, a real threat comes from people who are already inside those perimeter defenses. Insider incidents have severely affected national security, financial stability, and the privacy of many thousands of people, and what reaches the news is only the tip of the iceberg: much more goes on under the radar, and some incidents are never detected. We propose a hybrid framework that combines graph analysis with anomaly detection to address this threat. The framework analyzes heterogeneous data sources to isolate potentially malicious users whose activity is hidden among that of their peers. Empirical results show that the framework effectively separates the majority of users, who exhibit typical behavior, from the minority whose behavior is suspicious.
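The abstract describes the combination of a graph built from heterogeneous activity data with peer-relative anomaly scoring, but not the concrete pipeline. The following is an added illustration of that kind of pipeline, written for this page; it is not the paper's code and does not reproduce its algorithm or data. It assumes a constructed set of logon, file and removable-device records, builds a bipartite user-resource graph, derives per-user features from graph structure and event attributes, defines each user's peer group as the users who share at least one resource with them (the one-mode projection), and scores each user by the largest signed z-score of their features against that peer group. The feature set, the night-time window, the spread floor and the threshold are assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of heterogeneous activity records (not data from the
# paper): (user, event_type, resource, hour_of_day).
EVENTS = [
    ("alice", "logon", "PC-01", 9), ("alice", "file", "fin/q1.xlsx", 10),
    ("alice", "file", "fin/q2.xlsx", 11), ("alice", "logon", "PC-01", 14),
    ("bob",   "logon", "PC-02", 9), ("bob",   "file", "fin/q1.xlsx", 10),
    ("bob",   "file", "fin/budget.xlsx", 13), ("bob", "logon", "PC-02", 15),
    ("carol", "logon", "PC-03", 8), ("carol", "file", "fin/q2.xlsx", 12),
    ("carol", "file", "fin/budget.xlsx", 14), ("carol", "logon", "PC-03", 16),
    ("dave",  "logon", "PC-04", 9), ("dave",  "file", "hr/roster.xlsx", 10),
    ("dave",  "file", "hr/reviews.docx", 11), ("dave", "logon", "PC-04", 15),
    # mallory looks like a finance user by day, but at night mounts a removable
    # device and pulls engineering and HR files that her peers never touch.
    ("mallory", "logon", "PC-05", 9), ("mallory", "file", "fin/q1.xlsx", 10),
    ("mallory", "logon", "PC-05", 22), ("mallory", "device", "USB-7A", 22),
    ("mallory", "file", "eng/src.zip", 22), ("mallory", "file", "eng/keys.txt", 23),
    ("mallory", "file", "hr/roster.xlsx", 23), ("mallory", "file", "fin/budget.xlsx", 23),
]


def build_bipartite(events):
    """Bipartite user-resource graph kept as two adjacency maps."""
    user_res = defaultdict(set)
    res_users = defaultdict(set)
    for user, _, resource, _ in events:
        user_res[user].add(resource)
        res_users[resource].add(user)
    return user_res, res_users


def user_features(events, user_res, res_users, night_start=20, night_end=6):
    """Per-user feature vector mixing graph structure and event attributes."""
    after_hours = defaultdict(int)
    device = defaultdict(int)
    for user, kind, _, hour in events:
        if hour >= night_start or hour < night_end:  # assumed night window
            after_hours[user] += 1
        if kind == "device":
            device[user] += 1
    feats = {}
    for user, resources in user_res.items():
        feats[user] = {
            "degree": len(resources),  # distinct resources touched
            # resources that no other user in the graph touches at all
            "exclusive": sum(1 for r in resources if res_users[r] == {user}),
            "after_hours": after_hours[user],
            "device": device[user],
        }
    return feats


def peer_group(user, user_res, res_users):
    """Users sharing at least one resource with `user` (one-mode projection)."""
    peers = set()
    for r in user_res[user]:
        peers |= res_users[r]
    peers.discard(user)
    return peers


def anomaly_scores(events):
    """Largest signed z-score of each user's features against their peer group."""
    user_res, res_users = build_bipartite(events)
    feats = user_features(events, user_res, res_users)
    scores = {}
    for user, f in feats.items():
        peers = peer_group(user, user_res, res_users)
        if not peers:  # isolated node: nothing to compare against
            scores[user] = 0.0
            continue
        zs = []
        for name, value in f.items():
            vals = [feats[p][name] for p in peers]
            # floor the spread at 1 so a uniform peer group still gives a finite score
            spread = max(pstdev(vals), 1.0)
            zs.append((value - mean(vals)) / spread)
        scores[user] = max(zs)  # only excess over peers is treated as suspicious
    return scores


def flag_users(events, threshold=2.0):
    """Users whose peer-relative score exceeds the (assumed) threshold."""
    return sorted(u for u, s in anomaly_scores(events).items() if s > threshold)


if __name__ == "__main__":
    for user, score in sorted(anomaly_scores(EVENTS).items(), key=lambda kv: -kv[1]):
        print(f"{user:8s} {score:6.2f}")
    print("flagged:", flag_users(EVENTS))
```

On this input only mallory crosses the threshold, driven by her six after-hours events against a peer group that has none. One caveat the example makes visible: peer groups are defined by the graph itself, so a malicious user can contaminate a neighbour's baseline. Here dave's only peer is mallory, so his own scores are computed relative to hers; in practice a peer group should be large enough, or constrained by organisational context such as role or department, that a single anomalous user cannot dominate it.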
