Author : Zahedeh Zamanian 1
Date of Publication :30th November 2017
Abstract: Security in corporations is a crucial issue. As number of users in these corporation increases, the chance of having intruder also increases. It is important to develop effective methods to deal with such threat. Luckily, users leave an electric footprint behind, as log files. Analyzing these log files results in examining users’ activity and detecting an intruder. Recent works have proposed methods for detecting intruders inside corporations. However, these methods are complex for today’s corporation. In this work, we proposed a lightweight and effective method to detect an intruder inside corporations using log files. The dataset in this work was provided from NextLabs, one of the high-profile companies in information security. The experiment using random forest algorithm shows that this method detects intruders with 97.18% accuracy
Reference :
-
- R. Prasad, “Insider Threat to Organizations in the Digital Era and Combat Strategies,” in Indo-US conference and workshop on "Cyber Security, Cyber Crime and Cyber Forensics, Kochi, India, 2009.
- P. A Diaz-Gomez, G. Vallecarcamo, and D. Jones, "Internal Vs. External Penetrations: A Computer Security Dilemma," The cybersecurity dilemma: hacking, trust and fear between nations, 2017.
- Robert Richardson, “CSIComputer Crime and Security Survey,” Computer Security Institute, 2010/2011.
- S. Bauer, and E. W. N. Bernroider, “From Information Security Awareness to Reasoned Compliant Action: Analyzing Information Security Policy Compliance in a Large Banking Organization,” SIGMIS Database, vol. 48, no. 3, pp. 44-68, 2017.
- R. Vaarandi, M. Kont, and M. Pihelgas, "Event log analysis with the LogCluster tool." pp. 982-987. [6] J. D. Parmar, and J. T. Patel, “Anomaly Detection in Data Mining: A Review,” International Journal, vol. 7, no. 4, 2017.
- J. Breier, and J. Branišová, “A Dynamic Rule Creation Based Anomaly Detection Method for Identifying Security Breaches in Log Records,” Wireless Personal Communications, vol. 94, no. 3, pp. 497-511, June 01, 2017.
- K. Kinshumann, K. Glerum, S. Greenberg, G. Aul, V. Orgovan, G. Nichols, D. Grant, G. Loihle, and G. Hunt, “Debugging in the (very) large: ten years of implementation and experience,” Commun. ACM, vol. 54, no. 7, pp. 111-116, 2011.
- S. Kobayashi, K. Fukuda, and H. Esaki, "Mining causes of network events in log data with causal inference." pp. 45-53.
- Q. Lin, H. Zhang, J.-G. Lou, Y. Zhang, and X. Chen, “Log clustering based problem identification for online service systems,” in Proceedings of the 38th International Conference on Software Engineering Companion, Austin, Texas, 2016, pp. 102-111.
- K. Nagaraj, C. Killian, and J. Neville, "Structured comparative analysis of systems logs to diagnose performance problems." pp. 26-26.
- H. Li, W. Shang, Y. Zou, and A. E. Hassan, “Towards just-in-time suggestions for log changes,” Empirical Software Engineering, vol. 22, no. 4, pp. 1831- 1865, August 01, 2017.
- F. Abbors, D. Truscan, and T. Ahmad, "Mining Web Server Logs for Creating Workload Models," Software Technologies: 9th International Joint Conference, ICSOFT 2014, Vienna, Austria, August 29-31, 2014, Revised Selected Papers, A. Holzinger, J. Cardoso, J. Cordeiro, T. Libourel, L. A. Maciaszek and M. van Sinderen, eds., pp. 131-150, Cham: Springer International Publishing, 2015.
- A. Chuvakin, K. Schmidt, and C. Phillips, "Chapter 2 - What is a Log?," Logging and Log Management ,The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management, pp. 29-49, Boston: Syngress, 2013.
- J. Breier, and J. Branišová, "Anomaly Detection from Log Files Using Data Mining Techniques," Information Science and Applications, K. J. Kim, ed., pp. 449-457, Berlin, Heidelberg: Springer Berlin Heidelberg, 2015.
- V. Chandola, A. Banerjee, and V. Kumar, “Anomaly detection: A survey,” ACM Comput. Surv., vol. 41, no. 3, pp. 1-58, 2009.
- S. Agrawal, and J. Agrawal, “Survey on anomaly detection using data mining techniques,” Procedia Computer Science, vol. 60, pp. 708-713, 2015.
- P. Gogoi, B. Borah, and D. K. Bhattacharyya, Anomaly Detection Analysis of Intrusion Data Using Supervised & Unsupervised Approach, 2010.
- F. L. Greitzer, D. A. Frincke, and M. Zabriskie, “Social/ethical issues in predictive insider threat monitoring,” Information Assurance and Security Ethics in Complex Systems: Interdisciplinary Perspectives, pp. 132-161, 2010.
- I. A. Gheyas, and A. E. Abdallah, “Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis,” Big Data Analytics, vol. 1, no. 1, pp. 6, August 30, 2016.
- A. Ambre, and N. Shekokar, “Insider threat detection using log analysis and event correlation,” Proc Comp Sci, vol. 45, 2015.
- H. Eldardiry, E. Bart, J. Liu, J. Hanley, B. Price, and O. Brdiczka, "Multi-domain information fusion for insider threat detection," 2013 IEEE Security and Privacy Workshops, San Francisco: IEEE, 2013.
- D. Liu, X. Wang, and J. Camp, “Game-theoretic modeling and analysis of insider threats,” International Journal of Critical Infrastructure Protection, vol. 1, pp. 75-80, 2008.
- M. Kandias, V. Stavrou, N. Bozovic, L. Mitrou, and D. Gritzalis, "Can we trust this user? Predicting insider's attitude via YouTube usage profiling." pp. 347-354.
- J. Peng, K.-K. R. Choo, and H. Ashman, “User profiling in intrusion detection: A review,” Journal of Network and Computer Applications, vol. 72, pp. 14-27, 2016.
- K. W. Kongsg, #229, rd, N. A. Nordbotten, F. Mancini, and P. E. Engelstad, “An Internal/Insider Threat Score for Data Loss Prevention and Detection,” in Proceedings of the 3rd ACM on International Workshop on Security And Privacy Analytics, Scottsdale, Arizona, USA, 2017, pp. 11-16.
- A. S. McGough, D. Wall, J. Brennan, G. Theodoropoulos, E. Ruck-Keene, B. Arief, C. Gamble, J. Fitzgerald, A. v. Moorsel, and S. Alwis, “Insider Threats: Identifying Anomalous Human Behaviour in Heterogeneous Systems Using Beneficial Intelligent Software (Ben-ware),” in Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, Denver, Colorado, USA, 2015, pp. 1-12.
- S. D. Bhattacharjee, J. Yuan, Z. Jiaqi, and Y.-P. Tan, “Context-aware graph-based analysis for detecting