Skip to main content

A New Take on Detecting Insider Threats: Exploring the use of Hidden Markov Models

Rashid, Tabish, Agrafiotis, Ioannis, Nurse, Jason R. C. (2016) A New Take on Detecting Insider Threats: Exploring the use of Hidden Markov Models. In: MIST '16: Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats. CCS Computer and Communications Security . pp. 47-56. ACM, New York, USA ISBN 978-1-4503-4571-2. (doi:10.1145/2995959.2995964) (KAR id:67482)

PDF Author's Accepted Manuscript
Language: English
Download (785kB) Preview
[thumbnail of MIST2016-RAN-AuthorFinal.pdf]
This file may not be suitable for users of assistive technology.
Request an accessible format
Official URL


The threat that malicious insiders pose towards organisations is a significant problem. In this paper, we investigate the task of detecting such insiders through a novel method of modelling a user's normal behaviour in order to detect anomalies in that behaviour which may be indicative of an attack. Specifically, we make use of Hidden Markov Models to learn what constitutes normal behaviour, and then use them to detect significant deviations from that behaviour. Our results show that this approach is indeed successful at detecting insider threats, and in particular is able to accurately learn a user's behaviour. These initial tests improve on existing research and may provide a useful approach in addressing this part of the insider-threat challenge.

Item Type: Conference or workshop item (Proceeding)
DOI/Identification number: 10.1145/2995959.2995964
Subjects: Q Science
T Technology
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Jason Nurse
Date Deposited: 03 Jul 2018 15:39 UTC
Last Modified: 16 Feb 2021 13:55 UTC
Resource URI: (The current URI for this page, for reference purposes)
Nurse, Jason R. C.:
  • Depositors only (login required):


Downloads per month over past year