TY - GEN
T1 - Use of machine learning in big data analytics for insider threat detection
AU - Mayhew, Michael
AU - Atighetchi, Michael
AU - Adler, Aaron
AU - Greenstadt, Rachel
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2015/12/14
Y1 - 2015/12/14
N2 - In current enterprise environments, information is becoming more readily accessible across a wide range of interconnected systems. However, the trustworthiness of documents and actors is not explicitly measured, leaving actors unaware of how the latest security events may have impacted the trustworthiness of the information being used and the actors involved. This leads to situations where information producers give documents to consumers they should not trust and consumers use information from non-reputable documents or producers. The concepts and technologies developed as part of the Behavior-Based Access Control (BBAC) effort strive to overcome these limitations by means of performing accurate calculations of trustworthiness of actors, e.g., behavior and usage patterns, as well as documents, e.g., provenance and workflow data dependencies. BBAC analyses a wide range of observables for mal-behavior, including network connections, HTTP requests, English text exchanges through emails or chat messages, and edit sequences to documents. The current prototype service strategically combines big data batch processing to train classifiers and real-time stream processing to classify observed behaviors at multiple layers. To scale up to enterprise regimes, BBAC combines clustering analysis with statistical classification in a way that maintains an adjustable number of classifiers.
AB - In current enterprise environments, information is becoming more readily accessible across a wide range of interconnected systems. However, the trustworthiness of documents and actors is not explicitly measured, leaving actors unaware of how the latest security events may have impacted the trustworthiness of the information being used and the actors involved. This leads to situations where information producers give documents to consumers they should not trust and consumers use information from non-reputable documents or producers. The concepts and technologies developed as part of the Behavior-Based Access Control (BBAC) effort strive to overcome these limitations by means of performing accurate calculations of trustworthiness of actors, e.g., behavior and usage patterns, as well as documents, e.g., provenance and workflow data dependencies. BBAC analyses a wide range of observables for mal-behavior, including network connections, HTTP requests, English text exchanges through emails or chat messages, and edit sequences to documents. The current prototype service strategically combines big data batch processing to train classifiers and real-time stream processing to classify observed behaviors at multiple layers. To scale up to enterprise regimes, BBAC combines clustering analysis with statistical classification in a way that maintains an adjustable number of classifiers.
KW - HTTP
KW - TCP
KW - big data
KW - chat
KW - documents
KW - email
KW - insider threat
KW - machine learning
KW - support vector machine
KW - trust
KW - usage patterns
UR - http://www.scopus.com/inward/record.url?scp=84959282598&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84959282598&partnerID=8YFLogxK
U2 - 10.1109/MILCOM.2015.7357562
DO - 10.1109/MILCOM.2015.7357562
M3 - Conference contribution
AN - SCOPUS:84959282598
T3 - Proceedings - IEEE Military Communications Conference MILCOM
SP - 915
EP - 922
BT - 2015 IEEE Military Communications Conference, MILCOM 2015
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 34th Annual IEEE Military Communications Conference, MILCOM 2015
Y2 - 26 October 2015 through 28 October 2015
ER -