Suspicious User Detection Based on File Server Usage Features

Ohori, Ryuichi; Torii, Satoru

doi:10.1007/978-3-319-61542-4_44

Ryuichi Ohori¹⁶ &
Satoru Torii¹⁶

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 612))

Included in the following conference series:

International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing

1751 Accesses

Abstract

As a countermeasure against insider threats in a broad sense, a method of detecting suspicious behavior of the accounts on a file server is presented. Our proposed method employs some statistics as usage features and the deviation from other users as an anomaly score. An experiment is conducted on a file server which is actually used by tens of thousands of users. We report some characteristic behavior of the accounts which are detected as anomaly by the method.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 259.00; Price excludes VAT (USA)

Softcover Book: USD 329.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Breunig, M.M., et al.: LOF: identifying density-based local outliers. ACM Sigmod Rec. 29(2), 93–104 (2000). ACM
Google Scholar
Calandrino, J.A., McKinney, S.J., Sheldon, F.T.: Detection of undesirable insider behavior. In: Third Annual Cyber Security and Information Infrastructure Research Workshop. Oak Ridge National Laboratory, Oak Ridge, Tennessee, USA, pp. 294–308 (2007)
Google Scholar
D Language Foundation: D Programming Language 2.073. 1999–2016. http://dlang.org/
Dempster, A.P., Laird, N.M., Rubin, D.B.: Maximum likelihood from incomplete data via the EM algorithm. J. R. Stat. Soc. Ser. B (Methodological) 39(1), 1–38 (1977). ISSN 00359246
Google Scholar
Fraley, C., et al.: mclust 5.2. 1999–2016. https://cran.r-project.org/package=mclust
Ponemon Institute, LLC (2015) Cost of Cyber Crime Study: Global. http://www.cnmeonline.com/myresources/hpe/docs/HPE_SIEM_Analyst_Report_-_2015_Cost_of_Cyber_Crime_Study_-_Global.pdf
Preferred Infrastructure, Inc. maf 0.2. 2013–2014. https://github.com/pfi/maf
R development core team. R 3.2.2. 1996–2016. https://www.r-project.org/

Download references

Author information

Authors and Affiliations

Fujitsu Laboratories Ltd., 4-1-1 Kamikodanaka, Nakahara, Kawasaki, 211-8588, Japan
Ryuichi Ohori & Satoru Torii

Authors

Ryuichi Ohori
View author publications
You can also search for this author in PubMed Google Scholar
Satoru Torii
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ryuichi Ohori .

Editor information

Editors and Affiliations

Faculty of Information Engineering, Fukuoka Institute of Technology, Fukuoka, Japan
Leonard Barolli
Rissho University, Tokyo, Japan
Tomoya Enokido

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Ohori, R., Torii, S. (2018). Suspicious User Detection Based on File Server Usage Features. In: Barolli, L., Enokido, T. (eds) Innovative Mobile and Internet Services in Ubiquitous Computing . IMIS 2017. Advances in Intelligent Systems and Computing, vol 612. Springer, Cham. https://doi.org/10.1007/978-3-319-61542-4_44

Download citation

DOI: https://doi.org/10.1007/978-3-319-61542-4_44
Published: 05 July 2017
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-61541-7
Online ISBN: 978-3-319-61542-4
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics