Project Start & End Date:
August 2016- July 2019
Project Status:
Completed
Project Objectives and Scope
The scope is to develop novel algorithms for detecting insiders threat based on information that is collected on the users’ behaviour with acceptable true positive and false positive rates and efficiency, and provide an explanation why a given user is suspicious. Data sources such as mouse, keyboard dynamics and file system access logs can be employed for this purpose.
Challenges
The main research challenge is developing an algorithm that can be easily adapted to different organisations. In order to mitigate this challenge we may use transfer learning techniques. As discussed before, other challenges include achieving a balance between precision, efficiency and privacy of the algorithm, and to validate it on realistic data.
Methodology/Approach
In the project we develop algorithms based on various machine learning techniques such as Graph Clustering, Supervised and Unsupervised learning, Transfer Learning and Deep learning. Features are going to be extracted from many aspects of information related to the user. User characteristics can be analyzed using host-based activity based on system calls, keystroke timings and network traces and their respective combination. The extracted features will be used for representing the user behaviour over time and to train models in the setup phase and for detection during the operational phase. If the confidence level of the algorithm falls below certain threshold, it may serve as a stimulus to investigate actions taken by a user.
Publications
Insight Into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures
Careful-Packing: A practical and scalable anti-tampering software protection enforced by trusted computing
Detection of Masqueraders Based on Graph Partitioning of File System Access Events
The Wolf Of SUTD (TWOS): A Dataset of Malicious Insider Threat Behavior Based on a Gamified Competition.
TWOS: A Dataset of Malicious Insider Threat Behavior Based on a Gamified Competition
Principal Investigator(s)

BINDER, Alexander
