Supervised Learning for Insider Threat Detection Using Stream Mining

Cited by: 33
Authors
Parveen, Pallabi [1]
Weger, Zackary R. [1]
Thuraisingham, Bhavani [1]
Hamlen, Kevin [1]
Khan, Latifur [1]
Affiliations
[1] Univ Texas Dallas, Dept Comp Sci, Richardson, TX 75083 USA
Source
2011 23RD IEEE INTERNATIONAL CONFERENCE ON TOOLS WITH ARTIFICIAL INTELLIGENCE (ICTAI 2011) | 2011
Keywords
anomaly detection; support vector machine; insider threat; ensemble
DOI
10.1109/ICTAI.2011.176
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Insider threat detection requires the identification of rare anomalies in contexts where evolving behaviors tend to mask such anomalies. This paper proposes and tests an ensemble-based stream mining algorithm based on supervised learning that addresses this challenge by maintaining an evolving collection of multiple models to classify dynamic data streams of unbounded length. The result is a classifier that exhibits substantially increased classification accuracy for real insider threat streams relative to traditional supervised learning (traditional SVM and one-class SVM) and other single-model approaches.
Pages: 1032-1039
Number of pages: 8