Journal of Network and Information Security

Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

Anomalous Insiders Detection System using K-NN in Collaborative Information Systems


Affiliations
1 Department of Information Technology, Francis Xavier Engineering College, Tirunelveli, Tamil Nadu, India
2 Wicmad Technologies, Tirunelveli, Tamil Nadu, India
     

   Subscribe/Renew Journal


Collaborative Information Systems (CIS) allow users to belong to different groups to communicate and interfere with shared tasks or documents for collaboration. Current Intrusion Detection Systems are not effective in detecting insider threats where users work in dynamic teams. A malicious hacker who works as an employee of an organization or an outsider who acts as an employee by obtaining false credentials is called an insider threat and that malicious hacker may cause damages to the shared information. The proposed Neighborhood Anomaly Detection System (NADS), is an unsupervised learning framework to detect insider threats. NADs makes use of access logs of collaborative environments for Intrusion Detection. This framework is based on the observation that typical CIS users tend to form Neighborhood structures based on the subjects accessed. NADS consists of two components: 1) relational pattern extraction, where Neighborhood structures are derived and 2) anomaly prediction, which uses a statistical model based on relational pattern extraction. Based on the observations, the deviation of users from the communities they belong to is detected. It is capable to detect anomalous insiders in systems that use dynamic teams.

Keywords

Anomaly Detection, Data Mining, Insider Threat, Network Analysis.
Subscription Login to verify subscription
User
Notifications
Font Size


  • M.-L. Shyu, S.-C. Chen, K. Sarinnapakorn, and L. Chang, “A novel anomaly detection scheme based on principal component classifier,” Third IEEE International Conference on Data Mining (ICDM’03), 2003.

  • S. Shanbhag, and T. Wolf, “Accurate anomaly detection through parallelism,” IEEE Network, vol. 23, no. 1, pp. 22-28, 2009.

  • X. Song, M. Wu, C. Jermaine, and S. Ranka, “Conditional anomaly detection,” IEEE Transactions on Knowledge and Data Engineering, vol. 19, no. 5, pp. 631-645, 2007.

  • A. Kind, M. P. Stoecklin, and X. A. Dimitropoulos, “Histogram-based traffic anomaly detection,” IEEE Transactions on Network and Service Management, vol. 6, no. 2, pp. 110-121, 2009.

  • Y. Chen, S. Nyemba, W. Zhang, and B. Malin, “Leveraging social networks to detect anomalous insider actions in collaborative environments,” Proceedings of IEEE Ninth Intelligence and Security Informatics, pp. 119-124, 2011.

  • W. Eberle, and L. Holder, “Applying graph-based anomaly detection approaches to the discovery of insider threats,” Proceedings of IEEE International Conference on Intelligence and Security Informatics, pp. 206-208, 2009.


Abstract Views: 271

PDF Views: 0




  • Anomalous Insiders Detection System using K-NN in Collaborative Information Systems

Abstract Views: 271  |  PDF Views: 0

Authors

G. Thiraviaselvi
Department of Information Technology, Francis Xavier Engineering College, Tirunelveli, Tamil Nadu, India
G. Dhinese
Wicmad Technologies, Tirunelveli, Tamil Nadu, India

Abstract


Collaborative Information Systems (CIS) allow users to belong to different groups to communicate and interfere with shared tasks or documents for collaboration. Current Intrusion Detection Systems are not effective in detecting insider threats where users work in dynamic teams. A malicious hacker who works as an employee of an organization or an outsider who acts as an employee by obtaining false credentials is called an insider threat and that malicious hacker may cause damages to the shared information. The proposed Neighborhood Anomaly Detection System (NADS), is an unsupervised learning framework to detect insider threats. NADs makes use of access logs of collaborative environments for Intrusion Detection. This framework is based on the observation that typical CIS users tend to form Neighborhood structures based on the subjects accessed. NADS consists of two components: 1) relational pattern extraction, where Neighborhood structures are derived and 2) anomaly prediction, which uses a statistical model based on relational pattern extraction. Based on the observations, the deviation of users from the communities they belong to is detected. It is capable to detect anomalous insiders in systems that use dynamic teams.

Keywords


Anomaly Detection, Data Mining, Insider Threat, Network Analysis.

References