Anomalous Insiders Detection System using K-NN in Collaborative Information Systems
Collaborative Information Systems (CIS) allow users who belong to different groups to communicate and interact with shared tasks or documents for collaboration. Current Intrusion Detection Systems are not effective at detecting insider threats where users work in dynamic teams. An insider threat is a malicious hacker who works as an employee of an organization, or an outsider who acts as an employee by obtaining false credentials; such a hacker may cause damage to the shared information. The proposed Neighborhood Anomaly Detection System (NADS) is an unsupervised learning framework to detect insider threats. NADS makes use of the access logs of collaborative environments for intrusion detection. The framework is based on the observation that typical CIS users tend to form neighborhood structures based on the subjects they access. NADS consists of two components: 1) relational pattern extraction, where neighborhood structures are derived, and 2) anomaly prediction, which uses a statistical model based on relational pattern extraction. Based on these observations, the deviation of users from the communities they belong to is detected. NADS is capable of detecting anomalous insiders in systems that use dynamic teams.
Keywords
Anomaly Detection, Data Mining, Insider Threat, Network Analysis.
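An added illustration of the two NADS components described in the abstract, not code from the paper: users are grouped by the subjects they access, and each user is scored by how far they deviate from their k nearest neighbours. The Jaccard similarity, the deviation score, `k`, the threshold and the sample access log are all assumptions made for this example.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample: two stable teams plus one user ("eve") whose accesses
# are scattered across both teams' subjects. Not data from the paper.
_SAMPLE = {
    "alice": "r1 r2 r3", "bob": "r1 r2 r3", "carol": "r2 r3 r4",
    "dave": "r5 r6 r7", "erin": "r5 r6 r7", "frank": "r6 r7 r8",
    "eve": "r1 r6 r9 r10",
}
ACCESS_LOG = [(u, s) for u, subs in _SAMPLE.items() for s in subs.split()]


def access_sets(log):
    """Relational pattern extraction: map each user to the subjects accessed."""
    sets = defaultdict(set)
    for user, subject in log:
        sets[user].add(subject)
    return dict(sets)


def jaccard(a, b):
    """Similarity of two users = overlap of accessed subjects (assumed metric)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def deviation(user, sets, k):
    """1 - mean similarity to the user's k nearest neighbours (0 = fits in)."""
    sims = sorted((jaccard(sets[user], s) for u, s in sets.items() if u != user),
                  reverse=True)
    nearest = sims[:k]
    return 1.0 - mean(nearest) if nearest else 1.0


def rank_users(log, k=2):
    """Anomaly prediction: (user, deviation) pairs, most anomalous first."""
    sets = access_sets(log)
    scores = {u: deviation(u, sets, k) for u in sets}
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


def flag_anomalous(log, k=2, threshold=0.7):
    """Users whose deviation exceeds an assumed, site-tuned threshold."""
    return [u for u, score in rank_users(log, k) if score > threshold]


if __name__ == "__main__":
    for user, score in rank_users(ACCESS_LOG):
        print(f"{user:6s} {score:.3f}")
    print("flagged:", flag_anomalous(ACCESS_LOG))
```

Users at the edge of a team (here `carol` and `frank`) score higher than its core members without crossing the threshold, which is why the cut-off has to be tuned against the normal spread of scores in a given system.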