http://dx.doi.org/10.7236/JIIBC.2017.17.4.11

A Study on Method for Insider Data Leakage Detection  

Kim, Hyun-Soo (Dept of Computer Science, Agency for Defense Development)
Publication Information
The Journal of the Institute of Internet, Broadcasting and Communication / v.17, no.4, 2017, pp. 11-17
Abstract
Organizations are increasingly concerned with how to prevent internal employees from leaking confidential information. Those who have authorized access to organizational data are placed in a position of power that could well be abused and could cause significant damage to an organization. In this paper, we investigate the task of detecting such insiders by modeling a user's normal behavior in order to detect anomalies in that behavior which may be indicative of a data leakage. We make use of Hidden Markov Models to learn what constitutes normal behavior, and then use them to detect significant deviations from that behavior. Experiments were carried out to determine the optimal HMM parameters, and our results show a detection capability of an 80% detection rate with a 20% false positive rate.
Keywords
Insider Data Leakage; Abnormal Behavior Detection; Hidden Markov Model
Citations & Related Records
Times Cited By KSCI: 2