DOI: 10.1145/3440749.3442619
research-article

Approach to combining different methods for detecting insiders

Published: 13 May 2021

Abstract

The paper addresses the problem of internal intruders (insiders) in an organization. It presents the Top-7 methods of insider detection and substantiates the need to use them jointly. A technique for combining different insider detection methods is proposed. Combining methods means using the results of only one of them, or taking the union and/or intersection of its results with the results of the others. The formalization and a graphic interpretation of the technique are given, along with expressions for completeness, precision, accuracy, error and F-measure. Visualization of the third method combination is provided as an example. The results of experiments on insider detection in a real corporate network using human and machine-based methods are presented.


Cited By

  • (2024) COMPARATIVE REVIEW OF RESULTS INTELLECTUAL ACTIVITY OF RUSSIAN SCIENTISTS ON IDENTIFYING INSIDERS IN ORGANIZATIONS. Scientific and analytical journal «Vestnik Saint-Petersburg university of State fire service of EMERCOM of Russia» 2024:2 (136-145). DOI: 10.61260/2218-130X-2024-2-136-145. Online publication date: 14-Jul-2024
  • (2024) Top-20 Weakest from Cybersecurity Elements of the Industry Production and Technology Platform 4.0 Information Systems. 2024 International Russian Smart Industry Conference (SmartIndustryCon) (668-675). DOI: 10.1109/SmartIndustryCon61328.2024.10515678. Online publication date: 25-Mar-2024
  • (2023) Application of Categorical Division to Classify Motivation For Insider Activities. Telecom IT 11:2 (47-56). DOI: 10.31854/2307-1303-2023-11-2-47-56. Online publication date: 20-Dec-2023


        Published In

        ICFNDS '20: Proceedings of the 4th International Conference on Future Networks and Distributed Systems
        November 2020
        313 pages
        ISBN:9781450388863
        DOI:10.1145/3440749

        Publisher

        Association for Computing Machinery

        New York, NY, United States


        Author Tags

        1. combination methods
        2. information security
        3. insider
        4. insider detection
        5. organization protection

        Qualifiers

        • Research-article
        • Research
        • Refereed limited

        Funding Sources

        • RFBR
        • Budget

        Conference

        ICFNDS '20
