
A Big Data Approach Towards Detection of Insider Attack


Affiliations
1 Department of Computer Engineering and IT, College of Engineering, Pune, Maharashtra, India


In a big data system, the infrastructure is organized so that a large amount of information, including all of the clients' data, is stored on servers operated by the provider, which hosts the data on behalf of its users. Information security is considered a major challenge in such a system. From a client's standpoint, the biggest risk in using a big data system is that clients must trust the service provider: the system is owned and designed by the provider, yet users have to store and access their data in it, so they carry considerable risk.

Methodology:

This work proposes a new system architecture in which insider attacks are identified by using the replication of data across different nodes in the system. Among all attacks, insider attacks are one of today's most difficult cyber security problems and are not well addressed by commonly employed security solutions. Although several scientific papers have been published in the domain of insider attacks, this paper argues that the field can benefit from the proposed structure, taxonomy and novel categorization of research, which contribute to the organization of insider attack incidents and the defense solutions used against them. The goal of our classification is to systematize knowledge in insider threat research, using the existing grounded theory strategy for rigorous literature review. The workflow of the proposed system is organized into classes that include: 1) Incidents and datasets, 2) Analysis of attackers, 3) Attack process, and 4) Defense solutions. Special attention is paid to the definitions and taxonomies of the insider threat; we present an auxiliary classification of insider threat incidents that is based on existing taxonomies.
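A minimal form of the replica-comparison idea described above, as an added example that is not code from the paper: each block's copies on different nodes are hashed and compared, a copy that disagrees with the majority is flagged, and nodes that dissent repeatedly are tallied. Node names, block ids, contents and the replication factor are constructed assumptions.

```python
"""Replica-consensus integrity check: insider tampering with one copy of a
replicated block is exposed by its disagreement with the peer copies held
on other nodes. Added example with constructed data; not the paper's code."""
import hashlib
from collections import Counter, defaultdict

# Constructed sample: block_id -> {node -> bytes held by that node}.
# In an HDFS-like cluster each block is replicated on several nodes
# (replication factor 3 assumed here).
REPLICAS = {
    "blk_1001": {"dn1": b"payroll-2023-q1", "dn2": b"payroll-2023-q1", "dn3": b"payroll-2023-q1"},
    "blk_1002": {"dn1": b"audit-log-v7", "dn2": b"audit-log-v7", "dn3": b"audit-log-v7-EDITED"},
    "blk_1003": {"dn2": b"config-a", "dn3": b"config-b"},  # two copies left, no majority
}

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_block(copies):
    """Return (status, nodes). The majority digest is trusted only when it is
    held by more than half of the copies; otherwise there is no quorum."""
    digests = {node: digest(data) for node, data in copies.items()}
    counts = Counter(digests.values())
    top_digest, top_count = counts.most_common(1)[0]
    if top_count == len(digests):
        return "consistent", []
    if top_count * 2 > len(digests):
        suspects = sorted(n for n, d in digests.items() if d != top_digest)
        return "tampered", suspects
    return "no_quorum", sorted(digests)

def audit(replicas):
    """Audit every block and count how often each node dissents: an insider
    acting on a single node tends to show up as repeated dissent there."""
    report = {}
    dissent = defaultdict(int)
    for blk, copies in replicas.items():
        status, nodes = check_block(copies)
        report[blk] = (status, nodes)
        if status == "tampered":
            for n in nodes:
                dissent[n] += 1
    return report, dict(dissent)

if __name__ == "__main__":
    rep, dis = audit(REPLICAS)
    for blk, (status, nodes) in rep.items():
        print(blk, status, nodes)
    print("dissent per node:", dis)
```

A no_quorum result is an alert in its own right: with too few surviving copies the check cannot tell which node is honest, so the block should be re-read from a trusted source rather than silently accepted.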

Outcome:

This paper will help researchers working in the domain of insider attacks because it provides the following: 1) a regularly updated list of mostly publicly available datasets that can be used to test new detection solutions against different attacks, 2) references to existing case studies and models of insider behavior that can be used to test defense solutions or expand their coverage, and 3) an exchange of knowledge about current trends and further research directions in the insider risk space.


Keywords

Big Data, Hadoop, Internal Attack Detection, Intrusion Detection, Security, Spam, Spark.




Authors

Vikar Ansar Shaikh
Department of Computer Engineering and IT, College of Engineering, Pune, Maharashtra, India
Tanuja R. Pattanshetti
Department of Computer Engineering and IT, College of Engineering, Pune, Maharashtra, India
