XABA: A zero-knowledge anomaly-based behavioral analysis method to detect insider threats

Zargar, A ; Sharif University of Technology

Type of Document: Article
DOI: 10.1109/ISCISC.2016.7736447
Publisher: Institute of Electrical and Electronics Engineers Inc.

Abstract:
Insider threat is a significant security risk for organizations and is hard to detect. Most existing detection methods need contextual data about users, or preprocessed user activity logs, to detect insider threats, which is costly and time-consuming. In this paper, we introduce a behavior analysis method that learns its context and detects multiple types of insider threats from raw logs and network traffic in real time. This method, named XABA, learns user roles and exclusive behaviors by analyzing the raw logs related to each network session of the user. It then checks for abnormal patterns and, if any are found, triggers the appropriate alert. XABA is implemented on the big-stream platform to operate on high rates of network sessions. To evaluate XABA, a real traitor scenario is designed and detected with a low false positive rate. XABA can detect diverse types of scenarios in many contexts without any predefined information or preprocessed activity logs.

Keywords:
Behavior Analysis ; Cryptography ; Security of data ; Abnormal patterns ; Attack detection ; Behavior analysis ; Behavioral analysis ; Detection methods ; Insider Threat ; Network sessions ; Traitor ; Network security

Source: 13th International ISC Conference on Information Security and Cryptology, 7 September 2016 through 8 September 2016 ; 2016 , Pages 26-31 ; 9781509039494 (ISBN)
URL: http://ieeexplore.ieee.org/document/7736447