Use of machine learning in big data analytics for insider threat detection

Michael Mayhew, Michael Atighetchi, Aaron Adler, Rachel Greenstadt

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    Abstract

    In current enterprise environments, information is becoming more readily accessible across a wide range of interconnected systems. However, trustworthiness of documents and actors is not explicitly measured, leaving actors unaware of how the latest security events may have impacted the trustworthiness of the information being used and the actors involved. This leads to situations where information producers give documents to consumers they should not trust and consumers use information from non-reputable documents or producers. The concepts and technologies developed as part of the Behavior-Based Access Control (BBAC) effort strive to overcome these limitations by means of performing accurate calculations of trustworthiness of actors, e.g., behavior and usage patterns, as well as documents, e.g., provenance and workflow data dependencies. BBAC analyses a wide range of observables for mal-behavior, including network connections, HTTP requests, English text exchanges through emails or chat messages, and edit sequences to documents. The current prototype service strategically combines big data batch processing to train classifiers and real-time stream processing to classify observed behaviors at multiple layers. To scale up to enterprise regimes, BBAC combines clustering analysis with statistical classification in a way that maintains an adjustable number of classifiers.

    Original language: English (US)
    Title of host publication: 2015 IEEE Military Communications Conference, MILCOM 2015
    Publisher: Institute of Electrical and Electronics Engineers Inc.
    Pages: 915-922
    Number of pages: 8
    ISBN (Electronic): 9781509000739
    State: Published - Dec 14 2015
    Event: 34th Annual IEEE Military Communications Conference, MILCOM 2015 - Tampa, United States
    Duration: Oct 26 2015 to Oct 28 2015

    Publication series

    Name: Proceedings - IEEE Military Communications Conference MILCOM
    Volume: 2015-December

    Other

    Other: 34th Annual IEEE Military Communications Conference, MILCOM 2015
    Country/Territory: United States
    City: Tampa
    Period: 10/26/15 to 10/28/15

    Keywords

    • HTTP
    • TCP
    • big data
    • chat
    • documents
    • email
    • insider threat
    • machine learning
    • support vector machine
    • trust
    • usage patterns

    ASJC Scopus subject areas

    • Electrical and Electronic Engineering
