Le et al., 2021 - Google Patents
Exploring anomalous behaviour detection and classification for insider threat identificationLe et al., 2021
View PDF- Document ID
- 16050088734707990094
- Author
- Le D
- Zincir‐Heywood N
- Publication year
- Publication venue
- International Journal of Network Management
External Links
Snippet
Recently, malicious insider threats represent one of the most damaging threats to companies and government agencies. Insider threat detection is a highly skewed data analysis problem, where the huge class imbalance makes the adaptation of learning …
- 238000001514 detection method 0 title abstract description 92
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N99/00—Subject matter not provided for in other groups of this subclass
- G06N99/005—Learning machines, i.e. computer in which a programme is changed according to experience gained by the machine itself during a complete run
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30286—Information retrieval; Database structures therefor; File system structures therefor in structured data stores
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computer systems utilising knowledge based models
- G06N5/02—Knowledge representation
- G06N5/022—Knowledge engineering, knowledge acquisition
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation, e.g. computer aided management of electronic mail or groupware; Time management, e.g. calendars, reminders, meetings or time accounting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N7/00—Computer systems based on specific mathematical models
- G06N7/005—Probabilistic networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Systems or methods specially adapted for a specific business sector, e.g. utilities or tourism
- G06Q50/01—Social networking
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06K—RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K9/00—Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Le et al. | Exploring anomalous behaviour detection and classification for insider threat identification | |
| Le et al. | Analyzing data granularity levels for insider threat detection using machine learning | |
| Al-Mhiqani et al. | A review of insider threat detection: Classification, machine learning techniques, datasets, open challenges, and recommendations | |
| Al-Ghuwairi et al. | Intrusion detection in cloud computing based on time series anomalies utilizing machine learning | |
| Alghamdi et al. | An intelligent model for online recruitment fraud detection | |
| Pramanik et al. | Big data analytics for security and criminal investigations | |
| Ghazal et al. | DDoS intrusion detection with ensemble stream mining for IoT smart sensing devices | |
| Kim et al. | SoK: A Systematic Review of Insider Threat Detection. | |
| Du et al. | Digital Forensics as Advanced Ransomware Pre‐Attack Detection Algorithm for Endpoint Data Protection | |
| Ko et al. | Insider threat detection and its future directions | |
| Stroeh et al. | An approach to the correlation of security events based on machine learning techniques | |
| Zhang et al. | Detecting Insider Threat from Behavioral Logs Based on Ensemble and Self‐Supervised Learning | |
| Maseer et al. | Meta‐analysis and systematic review for anomaly network intrusion detection systems: Detection methods, dataset, validation methodology, and challenges | |
| Jiang et al. | An insider threat detection method based on user behavior analysis | |
| Tendikov et al. | Security Information Event Management data acquisition and analysis methods with machine learning principles | |
| Glass et al. | Web analytics for security informatics | |
| Wali et al. | Anomaly Detection in Fog Computing: State-of-the-Art Techniques, applications, Challenges, and Future Directions. | |
| Gao et al. | Deep temporal graph infomax for imbalanced insider threat detection | |
| Wang et al. | Data analytics for network intrusion detection | |
| Ahsan et al. | Privacy-preserving intrusion detection in software-defined VANET using federated learning with BERT | |
| Phan et al. | User identification via neural network based language models | |
| Yu et al. | Rumor identification with maximum entropy in micronet | |
| Tan | Deep Learning‐Driven Network Security Situation Awareness Method in 6G Environment | |
| Oueslati et al. | A survey on intrusion detection systems for IoT networks based on long short-term memory | |
| Ganeshan et al. | I-AHSDT: intrusion detection using adaptive dynamic directive operative fractional lion clustering and hyperbolic secant-based decision tree classifier |