Discovering Insider Threats from Log Data with High-Performance Bioinformatics Tools
Title | Discovering Insider Threats from Log Data with High-Performance Bioinformatics Tools |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Wurzenberger, Markus, Skopik, Florian, Fiedler, Roman, Kastner, Wolfgang |
Conference Name | Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4571-2 |
Keywords | anomaly detection, Damage Assessment, insider threat, log data clustering, Network reconnaissance, Outlier detection, pubcrawl, Resiliency |
Abstract | Since the number of cyber attacks by insider threats and the damage caused by them have been increasing over recent years, organizations are in need of specific security solutions to counter these threats. To limit the damage caused by insider threats, the timely detection of erratic system behavior and malicious activities is of primary importance. We observed a major paradigm shift towards anomaly-focused detection mechanisms, which try to establish a baseline of system behavior - based on system logging data - and report any deviations from this baseline. While these approaches are promising, they usually have to cope with scalability issues. As the amount of log data generated during IT operations is growing exponentially, high-performance security solutions are required that can handle this huge amount of data in real time. In this paper, we demonstrate how high-performance bioinformatics tools can be leveraged to tackle this issue, and we demonstrate their application to log data for outlier detection, to timely detect anomalous system behavior that points to insider attacks. |
URL | http://doi.acm.org/10.1145/2995959.2995973 |
DOI | 10.1145/2995959.2995973 |
Citation Key | wurzenberger_discovering_2016 |
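The abstract describes the general idea (treat log lines as sequences, measure their similarity with a bioinformatics alignment algorithm, build a baseline by clustering, and report lines that fall outside the baseline as outliers) but does not name the tool or scoring scheme the paper uses. The following is an added illustration of that idea, not code from the paper or its authors. It assumes a plain Needleman-Wunsch global alignment (a standard bioinformatics algorithm) with +1/-1/-1 match/mismatch/gap scoring, a simple leader clustering with a fixed similarity threshold, and a constructed set of sample log lines; the real paper's point is that dedicated high-performance bioinformatics tools make this scale, whereas this pure-Python version is only meant to show the mechanics.

```python
"""Alignment-based clustering of log lines with outlier reporting.

Illustrative example only: the alignment parameters, the clustering rule and
the sample logs below are assumptions, not the paper's own tooling or data.
"""
from typing import List

# Constructed sample logs: routine ssh logins and cron jobs form the baseline;
# the final sudo line (an archive of an HR share) is the odd one out.
SAMPLE_LOGS = [
    "sshd[1201]: Accepted publickey for alice from 10.0.0.12 port 51022 ssh2",
    "sshd[1210]: Accepted publickey for bob from 10.0.0.15 port 51030 ssh2",
    "sshd[1224]: Accepted publickey for alice from 10.0.0.12 port 51041 ssh2",
    "cron[1300]: (root) CMD (/usr/bin/backup.sh)",
    "cron[1360]: (root) CMD (/usr/bin/backup.sh)",
    "sshd[1401]: Accepted publickey for carol from 10.0.0.17 port 51099 ssh2",
    "sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; "
    "COMMAND=/bin/tar czf /tmp/x.tgz /srv/hr",
]


def align_score(a: str, b: str, match: int = 1, mismatch: int = -1,
                gap: int = -1) -> int:
    """Needleman-Wunsch global alignment score of two strings.

    Classic O(len(a) * len(b)) dynamic programme; only two rows are kept
    because we need the score, not the alignment itself.
    """
    n, m = len(a), len(b)
    prev = [j * gap for j in range(m + 1)]          # aligning "" against b[:j]
    for i in range(1, n + 1):
        cur = [i * gap] + [0] * m                    # aligning a[:i] against ""
        for j in range(1, m + 1):
            diag = prev[j - 1] + (match if a[i - 1] == b[j - 1] else mismatch)
            cur[j] = max(diag, prev[j] + gap, cur[j - 1] + gap)
        prev = cur
    return prev[m]


def similarity(a: str, b: str) -> float:
    """Normalise the alignment score to [0, 1].

    A string aligned with itself scores len(a), so dividing by the longer
    length gives 1.0 for identical lines; negative scores are clamped to 0.
    """
    longest = max(len(a), len(b))
    if longest == 0:
        return 1.0
    return max(0.0, align_score(a, b) / longest)


def cluster_logs(lines: List[str], threshold: float = 0.6) -> List[List[str]]:
    """Leader clustering: a line joins the first cluster whose representative
    (its first member) is at least `threshold` similar, else starts a cluster.
    """
    clusters: List[List[str]] = []
    for line in lines:
        for cluster in clusters:
            if similarity(cluster[0], line) >= threshold:
                cluster.append(line)
                break
        else:
            clusters.append([line])
    return clusters


def find_outliers(lines: List[str], threshold: float = 0.6,
                  min_size: int = 2) -> List[str]:
    """Report every line that ends up in a cluster smaller than `min_size`.

    Clusters of routine activity grow large; a line that resembles nothing
    else in the baseline stays alone and is flagged for a closer look.
    """
    return [line
            for cluster in cluster_logs(lines, threshold)
            if len(cluster) < min_size
            for line in cluster]


if __name__ == "__main__":
    for idx, cluster in enumerate(cluster_logs(SAMPLE_LOGS)):
        print(f"cluster {idx} ({len(cluster)} lines): {cluster[0][:40]}...")
    for line in find_outliers(SAMPLE_LOGS):
        print("OUTLIER:", line)
```

Two practical caveats follow directly from the code. Leader clustering is order dependent (the first line seen becomes the representative), and the 0.6 threshold is a tuning knob: too low and the sudo line merges into the ssh cluster, too high and every ssh login with a different user name becomes its own "outlier". On real log volumes the quadratic alignment is the bottleneck, which is exactly why the paper reaches for optimised bioinformatics tooling instead of a scripted DP like this one.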