2013 IEEE CS Security and Privacy Workshops (SPW2013)
San Francisco, CA USA
May 23-May 24
ISBN: 978-1-4799-0458-7
Hoda Eldardiry, Palo Alto Res. Center (PARC), Palo Alto, CA, USA
Evgeniy Bart, Palo Alto Res. Center (PARC), Palo Alto, CA, USA
Juan Liu, Palo Alto Res. Center (PARC), Palo Alto, CA, USA
John Hanley, Palo Alto Res. Center (PARC), Palo Alto, CA, USA
Bob Price, Palo Alto Res. Center (PARC), Palo Alto, CA, USA
Oliver Brdiczka, Palo Alto Res. Center (PARC), Palo Alto, CA, USA
Malicious insiders pose significant threats to information security, and yet the capability of detecting malicious insiders is very limited. Insider threat detection is known to be a difficult problem, presenting many research challenges. In this paper we report our effort on detecting malicious insiders from large amounts of work practice data. We propose novel approaches to detect two types of insider activities: (1) blend-in anomalies, where malicious insiders try to behave similarly to a group they do not belong to, and (2) unusual change anomalies, where malicious insiders exhibit changes in their behavior that are dissimilar to their peers' behavioral changes. Our first contribution focuses on detecting blend-in malicious insiders. We propose a novel approach by examining various activity domains, and detecting behavioral inconsistencies across these domains. Our second contribution is a method for detecting insiders with unusual changes in behavior. The key strength of this proposed approach is that it avoids flagging common changes that can be mistakenly detected by typical temporal anomaly detection mechanisms. Our third contribution is a method that combines anomaly indicators from multiple sources of information.
Index Terms:
Electronic mail, Computational modeling, Statistics, Sociology, Accuracy, Data models, Vectors, information fusion, Insider threat detection, anomaly detection
Citation:
Hoda Eldardiry, Evgeniy Bart, Juan Liu, John Hanley, Bob Price, Oliver Brdiczka, "Multi-Domain Information Fusion for Insider Threat Detection," spw, pp.45-51, 2013 IEEE CS Security and Privacy Workshops (SPW2013), 2013