Detecting Insider Threat Based on Document Access Behavior Analysis

  • Conference paper
Web Technologies and Applications (APWeb 2014)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 8710)

Abstract

In recent years, insiders have been the major source of information leakage. To detect information leakage by insiders, anomaly detection using individual and community behavior models has been developed. The basic assumption of anomaly detection is that each user has his/her own profile of activities, and the anomaly detection algorithm attempts to identify any deviation from that basic profile by each user. Both models neglect the possibility that an individual user's profile changes, e.g. a change of individual interests. We propose here an anomaly detection model of insider threat using file content. The proposed model uses document segmentation and the Naive Bayes algorithm to classify the contents of files in an organization. We then set up correlation matrices between users and their interests, and between the user community and its interests. We then propose a comprehensive model to detect the insider threat, which takes into consideration the deviations of individual users' current behaviors, their historical behaviors and their associated community behaviors simultaneously. According to the experimental test results, the proposed model can successfully detect anomalous access to files in internal systems.
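The abstract gives no formulas, so the following is an added sketch of the idea and not the paper's algorithm: it compares a user's current topic distribution with their own history and with their community's current profile. The topic labels stand in for the output of the Naive Bayes classifier; the Jensen-Shannon divergence, the 0.3 threshold, the rule that both deviations must exceed it, and all names and sample data are assumptions constructed for illustration.

```python
from collections import Counter
from math import log2

TOPICS = ["engineering", "finance", "hr", "legal"]  # constructed categories

def interest_vector(topic_labels):
    """One row of a user-interest matrix: share of accesses per topic."""
    if not topic_labels:
        raise ValueError("no accesses in this window")
    counts = Counter(topic_labels)
    return [counts[t] / len(topic_labels) for t in TOPICS]

def js_divergence(p, q):
    """Jensen-Shannon divergence (base 2): 0 = identical, 1 = disjoint."""
    m = [(a + b) / 2 for a, b in zip(p, q)]
    def kl(x, y):
        return sum(a * log2(a / b) for a, b in zip(x, y) if a > 0)
    return 0.5 * kl(p, m) + 0.5 * kl(q, m)

def community_profile(peer_windows):
    """Community-interest row: mean of the peers' interest vectors."""
    vectors = [interest_vector(w) for w in peer_windows]
    return [sum(col) / len(vectors) for col in zip(*vectors)]

def assess(current, history, peer_windows, threshold=0.3):
    """Flag only when current behavior deviates from BOTH the user's own
    history and the community, so a shift of interest shared with the
    community is not reported as an anomaly (assumed decision rule)."""
    cur = interest_vector(current)
    d_hist = js_divergence(cur, interest_vector(history))
    d_comm = js_divergence(cur, community_profile(peer_windows))
    return {"d_hist": d_hist, "d_comm": d_comm,
            "flagged": d_hist > threshold and d_comm > threshold}

# Constructed sample data: the team has just moved onto legal-heavy work.
HISTORY = ["engineering"] * 18 + ["legal"] * 2
PEERS_NOW = [["legal"] * 8 + ["engineering"] * 2,
             ["legal"] * 7 + ["engineering"] * 3]
BOB_NOW = ["legal"] * 8 + ["engineering"] * 2      # drifts with the team
CAROL_NOW = ["finance"] * 9 + ["engineering"]      # drifts away from both

if __name__ == "__main__":
    for name, window in (("bob", BOB_NOW), ("carol", CAROL_NOW)):
        print(name, assess(window, HISTORY, PEERS_NOW))
```

A purely individual model would flag both users here, since both have moved far from their own history; adding the community comparison separates the shared change of interest from the isolated one.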

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Zhang, R., Chen, X., Shi, J., Xu, F., Pu, Y. (2014). Detecting Insider Threat Based on Document Access Behavior Analysis. In: Han, W., Huang, Z., Hu, C., Zhang, H., Guo, L. (eds) Web Technologies and Applications. APWeb 2014. Lecture Notes in Computer Science, vol 8710. Springer, Cham. https://doi.org/10.1007/978-3-319-11119-3_35

  • DOI: https://doi.org/10.1007/978-3-319-11119-3_35

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11118-6

  • Online ISBN: 978-3-319-11119-3

  • eBook Packages: Computer Science, Computer Science (R0)