Mason Archival Repository Service

Detecting Threatening Behavior Using Bayesian Networks

Show simple item record

dc.contributor.author AlGhamdi, Ghazi
dc.contributor.author Laskey, Kathryn B.
dc.contributor.author Wang, Xun
dc.contributor.author Barbará, Daniel
dc.contributor.author Shackelford, Thomas
dc.contributor.author Wright, Edward J.
dc.contributor.author Fitzgerald, Julie
dc.date.accessioned 2006-03-06T15:11:39Z
dc.date.available 2006-03-06T15:11:39Z
dc.date.issued 2006-03-06T15:11:39Z
dc.identifier.uri https://hdl.handle.net/1920/541
dc.identifier.uri http://ite.gmu.edu/~klaskey/papers/BRIMS04_InsiderThreat.pdf
dc.description The views, opinions, and findings contained in this paper are those of the author(s) and should not be construed as an official position, policy, or decision, of ARDA, the Department of the Interior, or the US Navy unless so designated by other official documentation en
dc.description.abstract This paper presents an innovative use of human behavior models for detecting insider threats to information systems. While most work in information security concerns detecting and responding to intruders, violations of system security policy by authorized computer users present a major threat to information security. A promising approach to detection and response is to model behavior of normal users and threats, and apply sophisticated inference methods to detect patterns of behavior that deviate from normal behavior in ways suggesting a possible security threat. This paper presents an approach, based on multi-entity Bayesian networks, to modeling user queries and detecting situations in which users in sensitive positions may be accessing documents outside their assigned areas of responsibility. Such unusual access patterns might be characteristic of users attempting illegal activities such as disclosure of classified information. We present a scalable proof of concept behavior model, provide an experimental demonstration of its ability to detect unusual access patterns in simulated situations, and describe future plans to increase the realism and fidelity of the model.
dc.description.sponsorship Work for this paper was performed under funding provided by the Advanced Research and Development Activity (ARDA), under contract NBCHC030059, issued by the Department of the Interior. Additional support was provided by the US Navy. en
dc.format.extent 178168 bytes
dc.format.mimetype application/pdf
dc.language.iso en_US en
dc.relation.ispartofseries C3I-04-01 en
dc.subject information security en_US
dc.subject behavioral model en_US
dc.subject multi-entity Bayesian networks en_US
dc.subject document relevance en_US
dc.subject insider threat detection en_US
dc.subject access control en_US
dc.title Detecting Threatening Behavior Using Bayesian Networks en
dc.type Presentation en
dc.type Technical Report en


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search MARS


Browse

My Account

Statistics