Distance Measurement Methods for Improved Insider Threat Detection
Insider threats are a considerable problem within cyber security and it is often difficult to detect these threats using signature detection. Increasing machine learning can provide a solution, but these methods often fail to take into account changes of behaviour of users. This work builds on a pub...
Published in: | Security and communication networks 2018-01, Vol.2018 (2018), p.1-18 |
---|---|
Main authors: | , , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | 18 |
---|---|
container_issue | 2018 |
container_start_page | 1 |
container_title | Security and communication networks |
container_volume | 2018 |
creator | Macfarlane, Richard ; Griffiths, Paul ; Buchanan, William J. ; Lo, Owen |
description | Insider threats are a considerable problem within cyber security and it is often difficult to detect these threats using signature detection. Increasing machine learning can provide a solution, but these methods often fail to take into account changes of behaviour of users. This work builds on a published method of detecting insider threats and applies Hidden Markov method on a CERT data set (CERT r4.2) and analyses a number of distance vector methods (Damerau–Levenshtein Distance, Cosine Distance, and Jaccard Distance) in order to detect changes of behaviour, which are shown to have success in determining different insider threats. |
doi_str_mv | 10.1155/2018/5906368 |
format | Article |
publisher | Cairo, Egypt: Hindawi Publishing Corporation |
contributor | Pelosi, Gerardo |
rights | Copyright © 2018 Owen Lo et al. This is an open access article distributed under the Creative Commons Attribution License (the “License”), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. https://creativecommons.org/licenses/by/4.0 |
orcidid | https://orcid.org/0000-0003-0201-6498 ; https://orcid.org/0000-0003-0809-3523 |
oa | free_for_read |
fulltext | fulltext |
identifier | ISSN: 1939-0114 |
ispartof | Security and communication networks, 2018-01, Vol.2018 (2018), p.1-18 |
issn | 1939-0114 1939-0122 |
language | eng |
recordid | cdi_proquest_journals_2455784726 |
source | Free E-Journal (出版社公開部分のみ); Wiley Open Access; Alma/SFX Local Collection |
subjects | Change detection ; Cybersecurity ; Datasets ; Distance measurement ; Information sources ; Machine learning ; Measurement methods ; Measurement techniques ; Neural networks ; Ontology ; Principal components analysis ; Resource Description Framework-RDF ; Threats |
title | Distance Measurement Methods for Improved Insider Threat Detection |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-29T11%3A27%3A16IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Distance%20Measurement%20Methods%20for%20Improved%20Insider%20Threat%20Detection&rft.jtitle=Security%20and%20communication%20networks&rft.au=Macfarlane,%20Richard&rft.date=2018-01-01&rft.volume=2018&rft.issue=2018&rft.spage=1&rft.epage=18&rft.pages=1-18&rft.issn=1939-0114&rft.eissn=1939-0122&rft_id=info:doi/10.1155/2018/5906368&rft_dat=%3Cproquest_cross%3E2455784726%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2455784726&rft_id=info:pmid/&rfr_iscdi=true |