Author: Zahedeh Zamanian
Date of Publication: 5th December 2017
Abstract: Security in corporations is a crucial issue. As the number of users in a corporation increases, so does the chance of an intruder being among them. It is important to develop effective methods to deal with such a threat. Fortunately, users leave an electronic footprint behind in the form of log files. Analyzing these log files makes it possible to examine users' activity and detect an intruder. Recent works have proposed methods for detecting intruders inside corporations; however, these methods are too complex for today's corporations. In this work, we propose a lightweight and effective method to detect an intruder inside a corporation using log files. The dataset for this work was provided by NextLabs, a high-profile information security company. An experiment using the random forest algorithm shows that this method detects intruders with 97.18% accuracy.
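The pipeline the abstract sketches, per-user activity features extracted from log files and fed to a random forest, as an added illustration that is not the paper's code and does not use the NextLabs dataset. The log line layout (timestamp, user, action, resource, result), the five features, the labelled training vectors and the sample log are all constructed assumptions; the forest is a minimal bootstrap ensemble of decision stumps written in plain Python so the example runs without scikit-learn.

```python
"""Per-user features from access logs, classified by a minimal random forest.

Added example, not the paper's method or data. Log format, feature choices
and all sample values below are constructed assumptions.
"""
import random
from collections import defaultdict

# Constructed access-log lines: "<timestamp> <user> <action> <resource> <result>"
SAMPLE_LOG = """\
2017-11-01T09:05:12 alice READ /finance/q3.xlsx ALLOW
2017-11-01T09:07:40 alice READ /finance/q3.xlsx ALLOW
2017-11-01T10:15:02 alice WRITE /finance/notes.docx ALLOW
2017-11-01T09:30:55 bob READ /eng/design.pdf ALLOW
2017-11-01T11:02:10 bob READ /eng/spec.docx ALLOW
2017-11-01T02:14:33 mallory READ /finance/q3.xlsx DENY
2017-11-01T02:16:05 mallory READ /hr/salaries.xlsx DENY
2017-11-01T02:18:41 mallory COPY /hr/salaries.xlsx ALLOW
2017-11-01T02:20:09 mallory READ /eng/design.pdf DENY
2017-11-01T03:01:22 mallory COPY /finance/q3.xlsx ALLOW
"""

# Feature order used throughout (assumed features, not the paper's).
FEATURES = ["deny_ratio", "offhours_ratio", "copy_ratio", "distinct_resources", "events"]

# Constructed, already-aggregated training vectors: label 0 = normal, 1 = intruder.
TRAIN_X = [
    [0.00, 0.00, 0.00, 3.0, 12.0], [0.03, 0.05, 0.02, 5.0, 30.0],
    [0.00, 0.10, 0.00, 2.0, 8.0], [0.02, 0.00, 0.05, 6.0, 45.0],
    [0.05, 0.00, 0.00, 4.0, 20.0],
    [0.40, 0.70, 0.30, 25.0, 40.0], [0.60, 0.90, 0.20, 12.0, 15.0],
    [0.30, 0.50, 0.40, 30.0, 60.0], [0.50, 0.80, 0.10, 8.0, 9.0],
    [0.35, 0.60, 0.25, 18.0, 25.0],
]
TRAIN_Y = [0, 0, 0, 0, 0, 1, 1, 1, 1, 1]


def parse_log(text):
    """Group raw log lines by user as (timestamp, action, resource, result) tuples."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, resource, result = line.split()
        events[user].append((ts, action, resource, result))
    return events


def user_features(evs):
    """Aggregate one user's events into the FEATURES vector."""
    n = len(evs)
    hours = [int(ts[11:13]) for ts, _, _, _ in evs]
    return [
        sum(res == "DENY" for _, _, _, res in evs) / n,   # share of denied accesses
        sum(h < 7 or h > 19 for h in hours) / n,           # share of off-hours activity
        sum(act == "COPY" for _, act, _, _ in evs) / n,    # share of copy operations
        float(len({r for _, _, r, _ in evs})),             # breadth of resources touched
        float(n),                                          # raw activity volume
    ]


def gini(labels):
    """Gini impurity of a binary label list (0.0 for a pure set)."""
    p = sum(labels) / len(labels)
    return 2 * p * (1 - p)


def majority(labels):
    return int(2 * sum(labels) > len(labels))


def fit_stump(X, y, feat_idx):
    """Best single-threshold split over the given feature indices."""
    best, best_gini = None, float("inf")
    for j in sorted(feat_idx):
        for t in sorted({row[j] for row in X}):
            left = [yi for row, yi in zip(X, y) if row[j] <= t]
            right = [yi for row, yi in zip(X, y) if row[j] > t]
            if not left or not right:
                continue
            g = (len(left) * gini(left) + len(right) * gini(right)) / len(y)
            if g < best_gini:
                best_gini, best = g, (j, t, majority(left), majority(right))
    return best


def fit_forest(X, y, n_trees=25, seed=7):
    """Bootstrap each tree and give it a random sqrt(d)-sized feature subset."""
    rng = random.Random(seed)
    n, d = len(X), len(X[0])
    n_feats = max(1, int(d ** 0.5))
    forest = []
    for _ in range(n_trees):
        idx = [rng.randrange(n) for _ in range(n)]
        bx, by = [X[i] for i in idx], [y[i] for i in idx]
        if len(set(by)) < 2:  # single-class bootstrap sample carries no split
            continue
        stump = fit_stump(bx, by, rng.sample(range(d), n_feats))
        if stump is not None:
            forest.append(stump)
    return forest


def predict(forest, x):
    """Majority vote of the stumps: 1 = flagged as intruder."""
    votes = sum(lr if x[j] > t else ll for j, t, ll, lr in forest)
    return int(2 * votes > len(forest))


def classify_users(log_text, forest):
    """Map each user in the log to the forest's label."""
    return {u: predict(forest, user_features(evs)) for u, evs in parse_log(log_text).items()}


if __name__ == "__main__":
    model = fit_forest(TRAIN_X, TRAIN_Y)
    for user, label in classify_users(SAMPLE_LOG, model).items():
        print(f"{user:10s} {'INTRUDER' if label else 'normal'}")
```

The feature stage is the part that matters operationally: raw events never reach the classifier, only per-user aggregates, which keeps the method lightweight and makes each flagged user explainable by the handful of ratios that drove the vote.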