Skip to main content

A New Take on Detecting Insider Threats: Exploring the use of Hidden Markov Models

Rashid, Tabish, Agrafiotis, Ioannis, Nurse, Jason R. C. (2016) A New Take on Detecting Insider Threats: Exploring the use of Hidden Markov Models. In: MIST '16: Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats. CCS Computer and Communications Security . pp. 47-56. ACM, New York, USA ISBN 978-1-4503-4571-2. (doi:10.1145/2995959.2995964)

PDF - Author's Accepted Manuscript
Download (785kB) Preview
Official URL


The threat that malicious insiders pose towards organisations is a significant problem. In this paper, we investigate the task of detecting such insiders through a novel method of modelling a user's normal behaviour in order to detect anomalies in that behaviour which may be indicative of an attack. Specifically, we make use of Hidden Markov Models to learn what constitutes normal behaviour, and then use them to detect significant deviations from that behaviour. Our results show that this approach is indeed successful at detecting insider threats, and in particular is able to accurately learn a user's behaviour. These initial tests improve on existing research and may provide a useful approach in addressing this part of the insider-threat challenge.

Item Type: Conference or workshop item (Proceeding)
DOI/Identification number: 10.1145/2995959.2995964
Subjects: Q Science
T Technology
Divisions: Faculties > Sciences > School of Computing > Security Group
Faculties > Sciences > School of Computing > Data Science
Depositing User: Jason Nurse
Date Deposited: 03 Jul 2018 15:39 UTC
Last Modified: 29 Sep 2019 19:08 UTC
Resource URI: (The current URI for this page, for reference purposes)
Nurse, Jason R. C.:
  • Depositors only (login required):


Downloads per month over past year