extended-abstract

Insider threat detection using principal component analysis and self-organising map

Authors:

Naghmeh Moradpoor,

Martyn Brown,

Gordon RussellAuthors Info & Claims

SIN '17: Proceedings of the 10th International Conference on Security of Information and Networks

Pages 274 - 279

https://doi.org/10.1145/3136825.3136859

Published: 13 October 2017 Publication History

Get Access

Abstract

An insider threat can take on many aspects. Some employees abuse their positions of trust by disrupting normal operations, while others export valuable or confidential data which can damage the employer's marketing position and reputation. In addition, some just lose their credentials which are then abused in their name. In this paper, we use Principal Component Analysis (PCA) in conjunction with Self-Organising Map (SOM) for insider threat detection within an organisation. The results show that using PCA before SOM increases the clustering accuracy.

References

[1]

Singh, A., & Patel, S. S. Applying Modified K-Nearest Neighbor to Detect Insider Threat in Collaborative Information Systems.

Google Scholar

[2]

Parveen, P., Evans, J., Thuraisingham, B., Hamlen, K. W., & Khan, L. (2011, October). Insider threat detection using stream mining and graph mining. In Privacy, Security, Risk and Trust (PASSAT) and 2011 IEEE Third Inernational Conference on Social Computing (SocialCom), 2011 IEEE Third International Conference on (pp. 1102--1110). IEEE.

Google Scholar

[3]

Tuor, A., Kaplan, S., Hutchinson, B., Nichols, N., & Robinson, S. (2017). Deep Learning for Unsupervised Insider Threat Detection in Structured Cybersecurity Data Streams.

Google Scholar

[4]

Böse, B., Avasarala, B., Tirthapura, S., Chung, Y. Y., & Steiner, D. (2017). Detecting Insider Threats Using RADISH: A System for Real-Time Anomaly Detection in Heterogeneous Data Streams. IEEE Sytems Journal.

Google Scholar

[5]

Hashem, Y., Takabi, H., GhasemiGol, M., & Dantu, R. (2016). Inside the Mind of the Insider: Towards Insider Threat Detection Using Psychophysiological Signals. Journal of Internet Services and Information Security (JISIS), 6(1), 20--36.

Google Scholar

[6]

Zonefox; availabe on: https://zonefox.com/; last accesed: 1 September 2017

Google Scholar

[7]

Legg, P. A., Buckley, O., Goldsmith, M., & Creese, S. (2015). Automated insider threat detection system using user and role-based profile assessment. IEEE Systems Journal.

Google Scholar

[8]

Security, M. I. (2015). Grand Theft Data. Retrieved from Mcafee : http://www.mcafee.com/us/resources/reports/rp-data-exfiltration.pdf.

Google Scholar

[9]

Gavai, G., Sricharan, K., Gunning, D., Hanley, J., Singhal, M., & Rolleston, R. (2015). Supervised and unsupervised methods to detect insider threat from enterprise social and online activity data. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 6(4), 47--63.

Google Scholar

[10]

Alexander, H. (2017, 5 17). Who is Chelsea Manning and why is she being released from prison? Retrieved from Telegraph: http://www.telegraph.co.uk/news/2017/05/17/chelsea-manning-released-prison/

Google Scholar

[11]

Cappelli, D. M., Moore, A. P., & Trzeciak, R. F. (2012). The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud). Addison-Wesley Professional.

Digital Library

Google Scholar

[12]

SCMP. (2017, June 8). China arrests 22 over sale of Apple private data. Retrieved from South China Morning Post: http://www.scmp.com/news/china/society/article/2097487/chinese-apple-staff-suspected-selling-personal-data.

Google Scholar

[13]

Haystax Technology. (2017). Insider Attacks: Industrial Survey. Retrieved from Haystax Technology: https://haystax.com/blog/ebook/insider-attacks-industry-survey

Google Scholar

Cited By

View all

Sheykhkanloo NHall A(2020)Insider Threat Detection Using Supervised Machine Learning Algorithms on an Extremely Imbalanced DatasetInternational Journal of Cyber Warfare and Terrorism10.4018/IJCWT.202004010110:2(1-26)Online publication date: 1-Oct-2020
https://dl.acm.org/doi/10.4018/IJCWT.2020040101
(2018)A new taxonomy of insider threatsInternational Journal of Information Systems and Management10.5555/3282756.32827601:4(343-359)Online publication date: 11-Dec-2018
https://dl.acm.org/doi/10.5555/3282756.3282760
McGlade DScott-Hayward S(2018)ML-based cyber incident detection for Electronic Medical Record (EMR) systemsSmart Health10.1016/j.smhl.2018.05.001Online publication date: May-2018
https://doi.org/10.1016/j.smhl.2018.05.001

Index Terms

Insider threat detection using principal component analysis and self-organising map
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Intrusion detection systems

Recommendations

The optimization of situational awareness for insider threat detection
CODASPY '11: Proceedings of the first ACM conference on Data and application security and privacy

In recent years, organizations ranging from defense and other government institutions to commercial enterprises, research labs, etc., have witnessed an increasing amount of sophisticated insider attacks that manage to bypass existing security controls. ...
Towards Countermeasure of Insider Threat in Network Security
INCOS '11: Proceedings of the 2011 Third International Conference on Intelligent Networking and Collaborative Systems

We discuss countermeasure against insider threats in network security aspect. In the context of countermeasure against insider threats, there is no perimeter for access control in a network. A traditional access control process by using a firewall on a ...
Insider Threat Mitigation Using Moving Target Defense and Deception
MIST '17: Proceedings of the 2017 International Workshop on Managing Insider Security Threats

The insider threat has been subject of extensive study and many approaches from technical perspective to behavioral perspective and psychological perspective have been proposed to detect or mitigate it. However, it still remains one of the most ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SIN '17: Proceedings of the 10th International Conference on Security of Information and Networks

October 2017

321 pages

ISBN:9781450353038

DOI:10.1145/3136825

General Chairs:
Rajveer Singh Shekhawat
Manipal University Jaipur, India
,
M. S. Gaur
IIT Jammu, India
,
Atilla Elci
Aksaray University, Turkey
,
Jaideep Vaidya
Rutgers University
,
Oleg Makarevich
Southern Federal University, Russia
,
Ron Poet
University of Glasgow, UK
,
Mehmet Orgun
McQuarie Univ, Australia
,
Vijaypal S. Dhaka
Manipal University Jaipur, India
,
Manoj K. Bohra
Manipal University Jaipur, India
,
Virender Singh
IIT Bombay, India
,
Ludmila Babenko
Southern Federal University, Russia
,
Naghmeh M. Sheykhkanloo
Napier University, UK
,
Behnam Rahnama
Medis Inc., Iran

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 October 2017

Check for updates

Author Tags

Qualifiers

Extended-abstract

Conference

SIN '17

SIN '17: Security of Information and Networks

October 13 - 15, 2017

Jaipur, India

Acceptance Rates

Overall Acceptance Rate 102 of 289 submissions, 35%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
156
Total Downloads

Downloads (Last 12 months)7
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Sheykhkanloo NHall A(2020)Insider Threat Detection Using Supervised Machine Learning Algorithms on an Extremely Imbalanced DatasetInternational Journal of Cyber Warfare and Terrorism10.4018/IJCWT.202004010110:2(1-26)Online publication date: 1-Oct-2020
https://dl.acm.org/doi/10.4018/IJCWT.2020040101
(2018)A new taxonomy of insider threatsInternational Journal of Information Systems and Management10.5555/3282756.32827601:4(343-359)Online publication date: 11-Dec-2018
https://dl.acm.org/doi/10.5555/3282756.3282760
McGlade DScott-Hayward S(2018)ML-based cyber incident detection for Electronic Medical Record (EMR) systemsSmart Health10.1016/j.smhl.2018.05.001Online publication date: May-2018
https://doi.org/10.1016/j.smhl.2018.05.001

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

The optimization of situational awareness for insider threat detection

Towards Countermeasure of Insider Threat in Network Security

Insider Threat Mitigation Using Moving Target Defense and Deception