Insider Threat Detection Using Stream Mining and Graph Mining

Evidence of malicious insider activity is often buried within large data streams, such as system logs accumulated over months or years. Ensemble-based stream mining leverages multiple classification models to achieve highly accurate anomaly detection in such streams even when the stream is unbounded, evolving, and unlabeled. This makes the approach effective for identifying insider threats who attempt to conceal their activities by varying their behaviors over time. This paper applies ensemble-based stream mining, unsupervised learning, and graph-based anomaly detection to the problem of insider threat detection, demonstrating that the ensemble-based approach is significantly more effective than traditional single-model methods.

• Publication year

  2011

• Venue

  2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing

• Publication date

  2011-10-01

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1109/PASSAT/SocialCom.2011.211
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Modeling User Search Behavior for Masquerade Detection

  2011cited by this paper
• Classification and Novel Class Detection in Concept-Drifting Data Streams under Time Constraints

  2011cited by this paper
• Insider Threat Detection Using a Graph-Based Approach

  2010cited by this paper
• Addressing Concept-Evolution in Concept-Drifting Data Streams

  2010cited by this paper
• An Algorithm for Mining Frequent Items on Data Stream Using Fading Factor

  2009cited by this paper
• Insider Threat Study: Illicit Cyber Activity in the Government Sector

  2008cited by this paper
• A Survey of Insider Attack Detection Research

  2008cited by this paper
• A Practical Approach to Classify Evolving Data Streams: Training with Limited Amount of Labeled Data

  2008cited by this paper
• Mining for Structural Anomalies in Graph-based Data

  2007cited by this paper
• Subdue: compression-based frequent pattern discovery in graph data

  2005cited by this paper
• A comparison of system call feature representations for insider threat detection

  2005cited by this paper
• Understanding the Insider Threat

  2004cited by this paper
• On Gray-Box Program Tracking for Anomaly Detection

  2004cited by this paper
• Volume 7 Number 2 @bullet Fall 2004 Contents Feature 4 Ontology Development Challenges and Applications Using the Darpa Agent Markup Language (daml) Special Reports—agent-based Software, Autonomic Computing, Computer Immunology, and the Semantic Web Computer Investigation Markup Language (ciml)— an

  2004cited by this paper
• Systematic data selection to mine concept-drifting data streams

  2004cited by this paper
• On the Detection of Anomalous System Call Arguments

  2003cited by this paper
• Detecting insider threats by monitoring system call activity

  2003cited by this paper
• One-Class Training for Masquerade Detection

  2003cited by this paper
• Learning Rules from System Call Arguments and Sequences for Anomaly 20 Detection

  2003cited by this paper
• Masquerade detection using enriched command lines

  2003cited by this paper
• A framework for understanding and predicting insider attacks

  2002cited by this paper
• gSpan: graph-based substructure pattern mining

  2002cited by this paper
• Using Text Categorization Techniques for Intrusion Detection

  2002cited by this paper
• A GEOMETRIC FRAMEWORK FOR UNSUPERVISED ANOMALY DETECTION: DETECTING INTRUSIONS IN UNLABELED DATA

  2002cited by this paper
• A Geometric Framework for Unsupervised Anomaly Detection

  2002cited by this paper
• Computer Intrusion: Detecting Masquerades

  2001cited by this paper
• Understanding the shape of the hazard rate: a process point of view (With comments and a rejoinder by the authors)

  2001cited by this paper
• Graph-Based Data Mining

  2000cited by this paper
• Mining high-speed data streams

  2000cited by this paper
• Adaptive Model Generation for Intrusion Detection Systems

  2000cited by this paper
• Fast spinning into oblivion? Recent developments in money-laundering policies and offshore finance centres

  1999cited by this paper
• A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems

  1999cited by this paper
• Intrusion detection using sequences of system calls

  1998cited by this paper
• GrIDS A Graph-Based Intrusion Detection System for Large Networks

  1996cited by this paper
• A sense of self for Unix processes

  1996cited by this paper
• MINING GRAPH DATA

  year unknowncited by this paper

• From static to dynamic risk indicators in predicting and detecting insider attacks

  2025cites this paper
• Identifying the most accurate machine learning classification technique to detect network threats

  2024cites this paper
• Toward an Insider Threat Education Platform: A Theoretical Literature Review

  2024cites this paper
• Deep Learning and Blockchain for Detection and Prevention Abuse of Privileges

  2024cites this paper
• A Pragmatic Enquiry to Learn Recent Trends in Insider Threat Detection Approaches

  2024cites this paper
• Dealing with extremly Unbalanced Data and Detecting Insider Threats with Deep Neural Networks

  2023cites this paper
• A Transparent Blockchain-Based College Admissions Platform

  2023cites this paper
• Temporal feature aggregation with attention for insider threat detection from activity logs

  2023cites this paper
• SparseCore: stream ISA and processor specialization for sparse computation

  2022cites this paper
• Detecting an Insider Threat and Analysis of XGBoost using Hyperparameter tuning

  2022cites this paper
• Insider Threat Detection Based on NLP Word Embedding and Machine Learning

  2022cites this paper
• Anomaly Detection for Insider Threats Using Unsupervised Ensembles

  2021cites this paper
• Threat Analysis using N-median Outlier Detection Method with Deviation Score

  2021cites this paper
• A Novel Insider Attack and Machine Learning Based Detection for the Internet of Things

  2021cites this paper
• Machine Learning for Streaming Data: Overview, Applications and Challenges

  2021cites this paper
• A Multi-Tiered Framework for Insider Threat Prevention

  2021cites this paper
• A Review of Insider Threat Detection Approaches With IoT Perspective

  2020cites this paper
• Doc2vec-based Insider Threat Detection through Behaviour Analysis of Multi-source Security Logs

  2020cites this paper
• A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations

  2020influential citation
• Evolving Advanced Persistent Threat Detection using Provenance Graph and Metric Learning

  2020cites this paper
• Secure IoT Data Analytics in Cloud via Intel SGX

  2020cites this paper
• ADSAGE: Anomaly Detection in Sequences of Attributed Graph Edges applied to insider threat detection at fine-grained level

  2020cites this paper
• Adaptive Margin Based Deep Adversarial Metric Learning

  2020cites this paper
• Insider Threat Detection Using Supervised Machine Learning Algorithms on an Extremely Imbalanced Dataset

  2020cites this paper
• A Trust Aware Unsupervised Learning Approach for Insider Threat Detection

  2019cites this paper
• Advanced insider threat detection model to apply periodic work atmosphere

  2019cites this paper
• Automated Verbal-Pattern Extraction from Political News Articles using CAMEO Event Coding Ontology

  2019cites this paper
• Insider Threat Detection Based on User Behavior Modeling and Anomaly Detection Algorithms

  2019cites this paper
• Exploring Feature Normalization and Temporal Information for Machine Learning Based Insider Threat Detection

  2019cites this paper
• Insider Threat Identification Using the Simultaneous Neural Learning of Multi-Source Logs

  2019influential citation
• SoK: A Systematic Review of Insider Threat Detection

  2019influential citation
• Embedding Learning with Heterogeneous Event Sequence for Insider Threat Detection

  2019cites this paper
• SIM: Open-World Multi-Task Stream Classifier with Integral Similarity Metrics

  2019cites this paper
• Secure Real-Time Heterogeneous IoT Data Management System

  2019cites this paper
• Detecting IRC-based Botnets by Network Traffic Analysis Through Machine Learning

  2019cites this paper
• BotNet Detection by Monitoring Network Traffic Using K-ANN Algorithm

  2019cites this paper
• Insight Into Insiders and IT

  2018cites this paper
• Detecting and Preventing Cyber Insider Threats: A Survey

  2018cites this paper
• Detecting Insider Malicious Activities in Cloud Collaboration Systems

  2018cites this paper
• Benchmarking evolutionary computation approaches to insider threat detection

  2018cites this paper
• Security in the Cloud: an anomaly-based detection framework for the insider threats. (Sécurité dans le cloud: framework de détection de menaces internes basé sur l'analyse d'anomalies)

  2018cites this paper
• Stopping the Insider at the Gates: Protecting Organizational Assets through Graph Mining

  2018cites this paper
• Anomaly-Based Insider Threat Detection Using Deep Autoencoders

  2018cites this paper
• Abnormal Behavior Analysis in Office Automation System within Organizations

  2017cites this paper
• Context-aware graph-based analysis for detecting anomalous activities

  2017cites this paper
• Insider Threat Event Detection in User-System Interactions

  2017cites this paper
• Insider threat detection using principal component analysis and self-organising map

  2017cites this paper
• Carnegie Mellon University's CERT Dataset Analysis and Suggestions

  2017cites this paper
• An Insider Threat Detection Method Based on Business Process Mining

  2017cites this paper
• Automated Insider Threat Detection System Using User and Role-Based Profile Assessment

  2017cites this paper
• Human-Machine Decision Support Systems for Insider Threat Detection

  2017cites this paper
• Validating an Insider Threat Detection System: A Real Scenario Perspective

  2016cites this paper
• Business Process Mining based Insider Threat Detection System

  2016cites this paper
• Comparison and Analysis of Anomaly Detection Methods for Detecting Data Exfiltration

  2016influential citation
• Insider threats, are they real bluster?

  2015cites this paper
• Caught in the act of an insider attack: detection and assessment of insider threat

  2015cites this paper
• Streaming data analytics for anomalies in graphs

  2015cites this paper
• Scalable anomaly detection in graphs

  2015cites this paper
• Behavioral Analysis of Insider Threat: A Survey and Bootstrapped Prediction in Imbalanced Data

  2014cites this paper
• A partitioning approach to scaling anomaly detection in graph streams

  2014cites this paper
• A Practical Approach in Detection and Prevention of Insider Multi Transaction Malicious Activity

  2014cites this paper
• Analysis of Insiders Attack Mitigation Strategies

  2014cites this paper
• Incremental Anomaly Detection in Graphs

  2013cites this paper
• Stealthy software: Next-generation cyber-attacks and defenses

  2013cites this paper
• Evolving Insider Threat Detection Stream Mining Perspective

  2013cites this paper
• Evolving insider threat detection using stream analytics and big data

  2013cites this paper
• Algorithm to prevent and detect insider multi transaction malicious activity in database

  2013cites this paper
• Unsupervised incremental sequence learning for insider threat detection

  2012cites this paper
• Unsupervised Ensemble Based Learning for Insider Threat Detection

  2012cites this paper
• A Relative Feature Selection Algorithm for Graph Classification

  2012cites this paper
• Supervised Learning for Insider Threat Detection Using Stream Mining

  2011cites this paper
• Anomaly detection in multiple scale for insider threat analysis

  2011cites this paper