Cyber insider mission detection for situation awareness

Haitao Du, Changzhou Wang, Tao Zhang, Shanchieh Jay Yang, Jai Choi, Peng Liu

Research output: Contribution to journal › Article

4 Scopus citations

Abstract

Cyber insider detection is challenging due to the difficulty in differentiating legitimate activities from malicious ones. This chapter begins with a brief review of existing work in the machine learning community that addresses cyber insider detection. The review leads to our recent research advance, which focuses on early detection of an ongoing insider mission instead of trying to determine whether individual events are malicious or not. Multiple automated software agents are assumed to possess different account privileges on different hosts, and to perform different dimensions of a complex insider mission. This work develops an integrated approach that uses Hidden Markov Models to estimate the suspiciousness level of insider activities, and then fuses these suspiciousness values across insider activity dimensions to estimate the progression of an insider mission. The fusion across cyber insider dimensions is accomplished using a combination of fuzzy rules and Ordered Weighted Average (OWA) functions. Experimental results based on simulated data show that the integrated approach detects the insider mission with high accuracy and in a timely manner, even in the presence of obfuscation techniques.

Original language: English (US)
Pages (from-to): 201-217
Number of pages: 17
Journal: Studies in Computational Intelligence
Volume: 563
DOIs
State: Published - 2015

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
