Skip to main content
Kent Academic Repository

A New Take on Detecting Insider Threats: Exploring the use of Hidden Markov Models

Rashid, Tabish, Agrafiotis, Ioannis, Nurse, Jason R. C. (2016) A New Take on Detecting Insider Threats: Exploring the use of Hidden Markov Models. In: MIST '16: Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats. CCS Computer and Communications Security . pp. 47-56. ACM, New York, USA ISBN 978-1-4503-4571-2. (doi:10.1145/2995959.2995964) (KAR id:67482)

Abstract

The threat that malicious insiders pose towards organisations is a significant problem. In this paper, we investigate the task of detecting such insiders through a novel method of modelling a user's normal behaviour in order to detect anomalies in that behaviour which may be indicative of an attack. Specifically, we make use of Hidden Markov Models to learn what constitutes normal behaviour, and then use them to detect significant deviations from that behaviour. Our results show that this approach is indeed successful at detecting insider threats, and in particular is able to accurately learn a user's behaviour. These initial tests improve on existing research and may provide a useful approach in addressing this part of the insider-threat challenge.

Item Type: Conference or workshop item (Proceeding)
DOI/Identification number: 10.1145/2995959.2995964
Subjects: Q Science
T Technology
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Jason Nurse
Date Deposited: 03 Jul 2018 15:39 UTC
Last Modified: 04 Mar 2024 15:36 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/67482 (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.