AI Lessons Learned from Experiments in Insider Threat Detection

Authors

  • Alexander Liu
  • Cheryl E. Martin
  • Tom Hetherington
  • Sara Matzner
Abstract

Although AI has been successfully applied to many different domains with different characteristics, the task of applying a solution that is successful in one problem domain to a different domain remains far from automatic. Even the simpler task of applying a solution to a related but different domain is problematic. In this paper, we discuss various problems that can occur when trying to solve a classification problem in a new problem domain (insider threat) by trying previously successful approaches in a related problem domain (intrusion detection). We examine in depth why our results in the new problem domain did not reflect the successes from the previous domain. We conclude with various lessons learned that can be used when approaching a new problem domain.

Similar sources

Insider Threat Detection in PRODIGAL

This paper reports on insider threat detection research, during which a prototype system (PRODIGAL) was developed and operated as a testbed for exploring a range of detection and analysis methods. The data and test environment, system components, and the core method of unsupervised detection of insider threat leads are presented to document this work and benefit others working in the insider th...

Outlier Detection in Random Subspaces over Data Streams: An Approach for Insider Threat Detection

Insider threat detection is an emergent concern for industries and governments due to the growing number of attacks in recent years. Several Machine Learning (ML) approaches have been developed to detect insider threats; however, they still suffer from a high number of false alarms. None of those approaches addressed the insider threat problem from the perspective of stream mining data where a ...

Towards a Conceptual Model and Reasoning Structure for Insider Threat Detection

The insider threat faced by corporations and governments today is a real and significant problem, and one that has become increasingly difficult to combat as the years have progressed. From a technology standpoint, traditional protective measures such as intrusion detection systems are largely inadequate given the nature of the ‘insider’ and their legitimate access to prized organisational data...

Data Collection and Analysis for Masquerade Attack Detection: Challenges and Lessons Learned

Real-world large-scale data collection poses an important challenge in the security field. Insider and masquerader attack data collection poses even a greater challenge. Very few organizations acknowledge such breaches because of liability concerns and potential implications on their market value. This caused the scarcity of real-world data sets that could be used to study insider and masquerad...

On the Design and Execution of Cyber-Security User Studies: Methodology, Challenges, and Lessons Learned

Real-world data collection poses an important challenge in the security field. Insider and masquerader attack data collection poses even a greater challenge. Very few organizations acknowledge such breaches because of liability concerns and potential implications on their market value. This caused the scarcity of real-world data sets that could be used to study insider and masquerader attacks. ...

Publication date: 2006