Data-driven Model-based Detection of Malicious Insiders via Physical Access Logs-Reference-Cited by-同舟云学术

Data-driven Model-based Detection of Malicious Insiders via Physical Access Logs

Published:2019-12-17 Issue:4 Volume:29 Page:1-25
ISSN:1049-3301
Container-title:ACM Transactions on Modeling and Computer Simulation
language:en
Short-container-title:ACM Trans. Model. Comput. Simul.

Author:

Cheh Carmen¹,Thakore Uttam¹,Fawaz Ahmed²,Chen Binbin³,Temple William G.³,Sanders William H.⁴

Affiliation:

1. Department of Computer Science, University of Illinois, Urbana, Illinois

2. Information Trust Institute, University of Illinois, Urbana, Illinois

3. Advanced Digital Sciences Center, Singapore

4. Department of Electrical and Computer Engineering, University of Illinois, Urbana, Illinois

Abstract

The risk posed by insider threats has usually been approached by analyzing the behavior of users solely in the cyber domain. In this article, we show the viability of using physical movement logs, collected via a building access control system, together with an understanding of the layout of the building housing the system’s assets, to detect malicious insider behavior that manifests itself in the physical domain. In particular, we propose a systematic framework that uses contextual knowledge about the system and its users, learned from historical data gathered from a building access control system, to select suitable models for representing movement behavior. We suggest two different models of movement behavior in this article and evaluate their ability to represent normal user movement. We then explore the online usage of the learned models, together with knowledge about the layout of the building being monitored, to detect malicious insider behavior. Finally, we show the effectiveness of the developed framework using real-life data traces of user movement in railway transit stations.

Funder

Advanced Digital Sciences Center from Singapore's Agency for Science, Technology and Research

National Cybersecurity R8D Directorate

Maryland Procurement Office

Human-Centered Cyber-physical Systems Programme

National Research Foundation (NRF), Prime Minister's Office, Singapore, under its National Cybersecurity R8D Programme

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Science Applications,Modeling and Simulation

Link

https://dl.acm.org/doi/pdf/10.1145/3309540

Reference27 articles.

1. Alien Vault. 2016. Insider Threat Detection Software. Retrieved from https://www.alienvault.com/. Alien Vault. 2016. Insider Threat Detection Software. Retrieved from https://www.alienvault.com/.

2. Real life challenges in access-control management

3. Statistical Methods in Markov Chains

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Insider Intrusion Detection Techniques: A State-of-the-Art Review;Journal of Computer Information Systems;2023-02-14

2. Impact and Key Challenges of Insider Threats on Organizations and Critical Businesses;Electronics;2020-09-07

3. Introduction to the Special Issue on Qest 2017;ACM Transactions on Modeling and Computer Simulation;2019-12-17