Automated insider threat detection system using user and role-based profile assessment
- Submitting institution
- University of the West of England, Bristol
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 833649
- Type
- D - Journal article
- DOI
- 10.1109/JSYST.2015.2438442
- Title of journal
- IEEE Systems Journal
- Article number
- -
- First page
- 503
- Volume
- 11
- Issue
- 2
- ISSN
- 1932-8184
- Open access status
- Out of scope for open access requirements
- Month of publication
- June
- Year of publication
- 2015
- URL
- http://dx.doi.org/10.1109/JSYST.2015.2438442
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
- 3
- Research group(s)
-
-
- Citation count
- 34
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- This paper describes a novel insider threat detection system that incorporates anomaly detection with multi-scale profiling of users, roles, and potential further groupings of users, using a tree-structured approach. We conducted a number of experimental case studies to assess the performance of our approach, using commonly used datasets from the research community as well as curated scenarios developed by supporting researchers, where we found our approach was capable of identifying suspicious users in a variety of challenging scenarios. The research prototype was developed and deployed within a commercial organisation to provide further real-world validation of the proposed approach (Paul King, Cisco).
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -