Please use this identifier to cite or link to this item: http://hdl.handle.net/10125/41476

Insider Threat Detection in PRODIGAL

File SizeFormat 
paper0327.pdf3.34 MBAdobe PDFView/Open

Item Summary

Title: Insider Threat Detection in PRODIGAL
Authors: Goldberg, Henry
Young, William
Reardon, Matthew
Phillips, Brian
Senator, Ted
Keywords: anomaly detection
experimental case study
insider threat
unsupervised ensembles
Issue Date: 04 Jan 2017
Abstract: This paper reports on insider threat detection research, during which a prototype system (PRODIGAL) was developed and operated as a testbed for exploring a range of detection and analysis methods. The data and test environment, system components, and the core method of unsupervised detection \ of insider threat leads are presented to document this work and benefit others working in the insider threat domain. \ \ We also discuss a core set of experiments evaluating the prototype’s ability to detect both known and unknown malicious insider behaviors. The experimental results show the ability to detect a large variety of insider threat scenario instances imbedded in real data with no prior knowledge of what scenarios \ are present or when they occur. \ \ We report on an ensemble-based, unsupervised technique for detecting potential insider threat instances. When run over 16 months of real monitored computer usage activity augmented with independently developed and unknown but realistic, insider threat scenarios, this technique robustly achieves results within five percent of the best individual detectors identified after the fact. We discuss factors that contribute to the success of the ensemble method, such as the number and variety of unsupervised detectors and the use of prior knowledge encoded in detectors designed for specific activity patterns. \ \ Finally, the paper describes the architecture of the prototype system, the environment in which we conducted these experiments and that is in the process of being transitioned to operational users.
Pages/Duration: 10 pages
URI/DOI: http://hdl.handle.net/10125/41476
ISBN: 978-0-9981331-0-2
DOI: 10.24251/HICSS.2017.320
Rights: Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections:Inside the Insider Threat Minitrack



Items in ScholarSpace are protected by copyright, with all rights reserved, unless otherwise indicated.