Visible to the public Insider Threat Detection Through Attributed Graph Clustering

TitleInsider Threat Detection Through Attributed Graph Clustering
Publication TypeConference Paper
Year of Publication2017
AuthorsGamachchi, A., Boztas, S.
Conference Name2017 IEEE Trustcom/BigDataSE/ICESS
Date Publishedaug
Keywordsanomaly detection, attributed graph clustering, Bipartite graph, business data processing, Clustering algorithms, Collaboration, cybersecurity threats, Data analysis, Electronic mail, enterprise users, graph theory, heterogeneous data analysis, Human Behavior, human factors, Insider Threat Detection, insider threats, malicious attacker unpredictability, malicious insider access, Metrics, network analysis, organizational dynamics, Organizations, outlier ranking mechanism, pattern clustering, policy-based governance, psychology, pubcrawl, Resiliency, security, security of data, trusted source
Abstract

While most organizations continue to invest in traditional network defences, a formidable security challenge has been brewing within their own boundaries. Malicious insiders with privileged access in the guise of a trusted source have carried out many attacks causing far reaching damage to financial stability, national security and brand reputation for both public and private sector organizations. Growing exposure and impact of the whistleblower community and concerns about job security with changing organizational dynamics has further aggravated this situation. The unpredictability of malicious attackers, as well as the complexity of malicious actions, necessitates the careful analysis of network, system and user parameters correlated with insider threat problem. Thus it creates a high dimensional, heterogeneous data analysis problem in isolating suspicious users. This research work proposes an insider threat detection framework, which utilizes the attributed graph clustering techniques and outlier ranking mechanism for enterprise users. Empirical results also confirm the effectiveness of the method by achieving the best area under curve value of 0.7648 for the receiver operating characteristic curve.

URLhttps://ieeexplore.ieee.org/document/8029430
DOI10.1109/Trustcom/BigDataSE/ICESS.2017.227
Citation Keygamachchi_insider_2017