A Framework for Data-Driven Physical Security and Insider Threat Detection
| Field | Value |
|---|---|
| Title | A Framework for Data-Driven Physical Security and Insider Threat Detection |
| Publication Type | Conference Paper |
| Year of Publication | 2018 |
| Authors | Mavroeidis, V., Vishi, K., Jøsang, A. |
| Conference Name | 2018 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM) |
| Keywords | Access Control, anomaly detection, Attack Pattern Reconstruction, Data analysis, data analytics, data-driven physical security, digital forensics, forensic data analysis, Forensics, Human Behavior, insider threat, Insider Threat Detection, insider threats mitigation, intrusion attempts, Metrics, ontological framework, Ontologies, ontologies (artificial intelligence), organizational security policies, Organizations, physical security, physical security architecture, Physical Security Definition, policy-based governance, provenance graphs, PSO, pubcrawl, resilience, risk management, rule-based anomaly detection, security of data, Security Ontology, Security Provenance, security provenance solution, security weaknesses |
| Abstract | This paper presents PSO, an ontological framework and a methodology for improving physical security and insider threat detection. PSO can facilitate forensic data analysis and proactively mitigate insider threats by leveraging rule-based anomaly detection. In all too many cases, rule-based anomaly detection can detect employee deviations from organizational security policies. In addition, PSO can be considered a security provenance solution because of its ability to fully reconstruct attack patterns. Provenance graphs can be further analyzed to identify deceptive actions and overcome analytical mistakes that can result in bad decision-making, such as false attribution. Moreover, the information can be used to enrich the available intelligence (about intrusion attempts) that can form use cases to detect and remediate limitations in the system, such as loosely-coupled provenance graphs that in many cases indicate weaknesses in the physical security architecture. Ultimately, validation of the framework through use cases demonstrates and proves that PSO can improve an organization's security posture in terms of physical security and insider threat detection. |
| URL | https://ieeexplore.ieee.org/document/8508599 |
| DOI | 10.1109/ASONAM.2018.8508599 |
| Citation Key | mavroeidis_framework_2018 |