Abstract
As a countermeasure against insider threats in a broad sense, a method of detecting suspicious behavior of accounts on a file server is presented. Our proposed method employs some statistics as usage features and uses the deviation from other users as an anomaly score. An experiment is conducted on a file server that is actually used by tens of thousands of users. We report some characteristic behavior of the accounts that the method detects as anomalous.
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Ohori, R., Torii, S. (2018). Suspicious User Detection Based on File Server Usage Features. In: Barolli, L., Enokido, T. (eds) Innovative Mobile and Internet Services in Ubiquitous Computing. IMIS 2017. Advances in Intelligent Systems and Computing, vol 612. Springer, Cham. https://doi.org/10.1007/978-3-319-61542-4_44
DOI: https://doi.org/10.1007/978-3-319-61542-4_44
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-61541-7
Online ISBN: 978-3-319-61542-4
eBook Packages: Engineering, Engineering (R0)