August 11, 2013 / Last updated : January 5, 2020 irfan Activity Recognition

Paper in ACM KDD 2013 “Detecting insider threats in a real corporate database of computer usage activity”

Citation

  • T. E. Senator, H. G. Goldberg, A. Memory, W. T. Young, B. Rees, R. Pierce, D. Huang, M. Reardon, D. A. Bader, E. Chow, I. Essa, J. Jones, V. Bettadapura, D. H. Chau, O. Green, O. Kaya, A. Zakrzewska, E. Briscoe, R. I. L. Mappus, R. McColl, L. Weiss, T. G. Dietterich, A. Fern, W. Wong, S. Das, A. Emmott, J. Irvine, J. Lee, D. Koutra, C. Faloutsos, D. Corkill, L. Friedland, A. Gentzel, and D. Jensen (2013), “Detecting insider threats in a real corporate database of computer usage activity,” in Proceedings of the 19th ACM SIGKDD international conference on Knowledge discovery and data mining, New York, NY, USA, 2013, p. 1393–1401. [WEBSITE] [DOI] [BIBTEX] 
    @InProceedings{ 2013-Senator-DITRCDCUA,
acmid = {2488213},
address  = {New York, NY, USA},
author  = {Senator, Ted E. and Goldberg, Henry G. and Memory,
Alex and Young, William T. and Rees, Brad and
Pierce, Robert and Huang, Daniel and Reardon,
Matthew and Bader, David A. and Chow, Edmond and
Essa, Irfan and Jones, Joshua and Bettadapura, Vinay
and Chau, Duen Horng and Green, Oded and Kaya, Oguz
and Zakrzewska, Anita and Briscoe, Erica and Mappus,
Rudolph IV L. and McColl, Robert and Weiss, Lora and
Dietterich, Thomas G. and Fern, Alan and Wong,
Weng--Keen and Das, Shubhomoy and Emmott, Andrew and
Irvine, Jed and Lee, Jay-Yoon and Koutra, Danai and
Faloutsos, Christos and Corkill, Daniel and
Friedland, Lisa and Gentzel, Amanda and Jensen,
David},
booktitle  = {{Proceedings of the 19th ACM SIGKDD international
conference on Knowledge discovery and data mining}},
doi = {10.1145/2487575.2488213},
isbn = {978-1-4503-2174-7},
location  = {Chicago, Illinois, USA},
month = {September},
numpages  = {9},
pages = {1393--1401},
publisher  = {ACM},
series  = {KDD '13},
title = {Detecting insider threats in a real corporate
database of computer usage activity},
url = {http://doi.acm.org/10.1145/2487575.2488213},
year = {2013}
}

Abstract

This paper reports on methods and results of an applied research project by a team consisting of SAIC and four universities to develop, integrate, and evaluate new approaches to detect the weak signals characteristic of insider threats on organizations’ information systems. Our system combines structural and semantic information from a real corporate database of monitored activity on their users’ computers to detect independently developed red team inserts of malicious insider activities. We have developed and applied multiple algorithms for anomaly detection based on suspected scenarios of malicious insider behavior, indicators of unusual activities, high-dimensional statistical patterns, temporal sequences, and normal graph evolution. Algorithms and representations for dynamic graph processing provide the ability to scale as needed for enterprise-level deployments on real-time data streams. We have also developed a visual language for specifying combinations of features, baselines, peer groups, time periods, and algorithms to detect anomalies suggestive of instances of insider threat behavior. We defined over 100 data features in seven categories based on approximately 5.5 million actions per day from approximately 5,500 users. We have achieved area under the ROC curve values of up to 0.979 and lift values of 65 on the top 50 user-days identified on two months of real data.

via ACM DL Detecting insider threats in a real corporate database of computer usage activity.

Categories
Activity Recognition
Tags

Leave a Reply

Your email address will not be published. Required fields are marked *

Computational Photography and Video

Previous article

At ICVSS (International Computer Vision Summer School) 2013, in Calabria, ITALY (July 2013)
July 11, 2013
Activity Recognition

Next article

Paper in ACM Ubicomp 2013 "Technological approaches for addressing privacy concerns when recognizing eating behaviors with wearable cameras"
September 14, 2013