User Profiling in Anomaly Detection of Authorization Logs

  • Conference paper
  • First Online:
Computational Science and Technology

Abstract

In the digital age, the most valuable asset of every company is its data. It contains personal information, company and industry data, sensitive government communications and much more. With the rapid development of IT technology, accessing the network has become cheaper and easier. As a result, organizations are more vulnerable to both insider and outsider threats. This work proposes user profiling for anomaly detection and analysis of authorization logs. This method enables companies to assess each user's activities and detect slight deviations from their usual pattern. To evaluate this method, we obtained a private dataset from NextLabs Company and the CERT dataset, which is a public dataset. We used random forest for this system and present the results. The results show that the algorithm achieved 97.81% accuracy.

Acknowledgement

The work described in this paper was supported by the Collaborative Agreement with NextLabs (Malaysia) Sdn Bhd (Project title: Anomaly detection in Policy Authorization Activity Logs).

Corresponding author

Correspondence to Ali Feizollah.

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

Cite this paper

Zamanian, Z., Feizollah, A., Anuar, N.B., Kiah, L.B.M., Srikanth, K., Kumar, S. (2019). User Profiling in Anomaly Detection of Authorization Logs. In: Alfred, R., Lim, Y., Ibrahim, A., Anthony, P. (eds) Computational Science and Technology. Lecture Notes in Electrical Engineering, vol 481. Springer, Singapore. https://doi.org/10.1007/978-981-13-2622-6_6

  • DOI: https://doi.org/10.1007/978-981-13-2622-6_6

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-2621-9

  • Online ISBN: 978-981-13-2622-6