Conference item

A new take on detecting insider threats: Exploring the use of hidden Markov Models

Abstract:: The threat that malicious insiders pose towards organisations is a significant problem. In this paper, we investigate the task of detecting such insiders through a novel method of modelling a user's normal behaviour in order to detect anomalies in that behaviour which may be indicative of an attack. Specifically, we make use of Hidden Markov Models to learn what constitutes normal behaviour, and then use them to detect significant deviations from that behaviour. Our results show that this approach is indeed successful at detecting insider threats, and in particular is able to accurately learn a user's behaviour. These initial tests improve on existing research and may provide a useful approach in addressing this part of the insider-threat challenge.

Publication status:: Published

Peer review status:: Peer reviewed

Actions

Email

Email this record

Send the bibliographic details of this record to your email address.

Your Email
Please enter the email address that the record information will be sent to.

-
Your message (optional)
Please add any additional information to be included within the email.
Cite

Cite this record

APA Style

Rashid, T., Agrafiotis, I., & Nurse, J. (2016). A new take on detecting insider threats: Exploring the use of hidden Markov Models. 8th ACM CCS International Workshop on Managing Insider Security Threats, Vienna, Asutria, October 28-28, 2016.

MLA Style

Rashid, T., et al. “A New Take on Detecting Insider Threats: Exploring the Use of Hidden Markov Models.” 8th ACM CCS International Workshop on Managing Insider Security Threats, Vienna, Asutria, October 28-28, 2016, Association for Computing Machinery, 2016.

Chicago Style

Rashid, T, I Agrafiotis, and J Nurse. 2016. “A New Take on Detecting Insider Threats: Exploring the Use of Hidden Markov Models.” In 8th ACM CCS International Workshop on Managing Insider Security Threats, Vienna, Asutria, October 28-28, 2016. Association for Computing Machinery.
Share
Print

Access Document

Publisher copy:: 10.1145/2995959.2995964

Authors

+ Rashid, T More by this author

Institution:: University of Oxford
Division:: MPLS
Department:: Computer Science
Role:: Author

+ Agrafiotis, I More by this author

Institution:: University of Oxford
Division:: MPLS
Department:: Computer Science
Role:: Author

+ Nurse, J More by this author

Institution:: University of Oxford
Division:: MPLS
Department:: Computer Science
Role:: Author

Publisher:: Association for Computing Machinery
Host title:: 8th ACM CCS International Workshop on Managing Insider Security Threats, Vienna, Asutria, October 28-28, 2016
Journal:: 8th ACM CCS International Workshop on Managing Insider Security Threats More from this journal
Publication date:: 2016-10-28
Acceptance date:: 2016-09-10
Event location:: Vienna, Austria
DOI:: 10.1145/2995959.2995964

Keywords:: machine learning

anomaly detection system

insider threat
Pubs id:: pubs:646274
UUID:: uuid:3046f055-ccb2-4085-968d-053c1491215f
Local pid:: pubs:646274
Source identifiers:: 646274
Deposit date:: 2016-09-24

Terms of use

Copyright holder:: c 2016 ACM
Copyright date:: 2016

Licence:: Terms and Conditions of Use for Oxford University Research Archive

Views and Downloads

About views and downloads

If you are the owner of this record, you can report an update to it here: Report update to this record

TO TOP