Data-Driven Model-Based Detection of Malicious Insiders via Physical Access Logs

Title: Data-Driven Model-Based Detection of Malicious Insiders via Physical Access Logs
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Carmen Cheh (University of Illinois at Urbana-Champaign), Binbin Chen (Advanced Digital Sciences Center, Singapore), William G. Temple (Advanced Digital Sciences Center, Singapore), William H. Sanders (University of Illinois at Urbana-Champaign)
Conference Name: 14th International Conference on Quantitative Evaluation of Systems (QEST 2017)
Date Published: September 2017
Publisher: Springer International Publishing
Conference Location: Berlin, Germany
Keywords: cyber-physical systems, insider threat, intrusion detection, physical access, physical movement, science of security, user behavior
Abstract

The risk posed by insider threats has usually been approached by analyzing the behavior of users solely in the cyber domain. In this paper, we show the viability of using physical movement logs, collected via a building access control system, together with an understanding of the layout of the building housing the system's assets, to detect malicious insider behavior that manifests itself in the physical domain. In particular, we propose a systematic framework that uses contextual knowledge about the system and its users, learned from historical data gathered from a building access control system, to select suitable models for representing movement behavior. We then explore the online usage of the learned models, together with knowledge about the layout of the building being monitored, to detect malicious insider behavior. Finally, we show the effectiveness of the developed framework using real-life data traces of user movement in railway transit stations.

URL: https://link.springer.com/chapter/10.1007/978-3-319-66335-7_17#aboutcontent
DOI: https://doi.org/10.1007/978-3-319-66335-7_17
Citation Key: node-37484
