Insider Threat Detection Based on User Behavior Modeling and Anomaly Detection Algorithms
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Kim, Junhong | - |
dc.contributor.author | Park, Minsik | - |
dc.contributor.author | Kim, Haedong | - |
dc.contributor.author | Cho, Suhyoun | - |
dc.contributor.author | Kang, Pilsung | - |
dc.date.accessioned | 2021-09-01T04:52:11Z | - |
dc.date.available | 2021-09-01T04:52:11Z | - |
dc.date.created | 2021-06-19 | - |
dc.date.issued | 2019-10 | - |
dc.identifier.issn | 2076-3417 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/62622 | - |
dc.description.abstract | Insider threats are malicious activities by authorized users, such as theft of intellectual property or security information, fraud, and sabotage. Although the number of insider threats is much lower than external network attacks, insider threats can cause extensive damage. As insiders are very familiar with an organization's system, it is very difficult to detect their malicious behavior. Traditional insider-threat detection methods focus on rule-based approaches built by domain experts, but they are neither flexible nor robust. In this paper, we propose insider-threat detection methods based on user behavior modeling and anomaly detection algorithms. Based on user log data, we constructed three types of datasets: user's daily activity summary, e-mail contents topic distribution, and user's weekly e-mail communication history. Then, we applied four anomaly detection algorithms and their combinations to detect malicious activities. Experimental results indicate that the proposed framework can work well for imbalanced datasets in which there are only a few insider threats and where no domain experts' knowledge is provided. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | MDPI | - |
dc.subject | CLASSIFICATION | - |
dc.subject | CLASSIFIERS | - |
dc.subject | SYSTEMS | - |
dc.title | Insider Threat Detection Based on User Behavior Modeling and Anomaly Detection Algorithms | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Kang, Pilsung | - |
dc.identifier.doi | 10.3390/app9194018 | - |
dc.identifier.scopusid | 2-s2.0-85073279165 | - |
dc.identifier.wosid | 000496258100077 | - |
dc.identifier.bibliographicCitation | APPLIED SCIENCES-BASEL, v.9, no.19 | - |
dc.relation.isPartOf | APPLIED SCIENCES-BASEL | - |
dc.citation.title | APPLIED SCIENCES-BASEL | - |
dc.citation.volume | 9 | - |
dc.citation.number | 19 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Chemistry | - |
dc.relation.journalResearchArea | Engineering | - |
dc.relation.journalResearchArea | Materials Science | - |
dc.relation.journalResearchArea | Physics | - |
dc.relation.journalWebOfScienceCategory | Chemistry, Multidisciplinary | - |
dc.relation.journalWebOfScienceCategory | Engineering, Multidisciplinary | - |
dc.relation.journalWebOfScienceCategory | Materials Science, Multidisciplinary | - |
dc.relation.journalWebOfScienceCategory | Physics, Applied | - |
dc.subject.keywordPlus | CLASSIFICATION | - |
dc.subject.keywordPlus | CLASSIFIERS | - |
dc.subject.keywordPlus | SYSTEMS | - |
dc.subject.keywordAuthor | insider threat detection | - |
dc.subject.keywordAuthor | anomaly detection | - |
dc.subject.keywordAuthor | machine learning | - |
dc.subject.keywordAuthor | behavioral model | - |
dc.subject.keywordAuthor | latent dirichlet allocation | - |
dc.subject.keywordAuthor | e-mail network | - |