Behavioral analysis of insider threat: A survey and bootstrapped prediction in imbalanced data

Amos Azaria, Ariella Richardson, Sarit Kraus, V. S. Subrahmanian

Research output: Contribution to journalReview articlepeer-review

104 Scopus citations

Abstract

The problem of insider threat is receiving increasing attention both within the computer science community as well as government and industry. This paper starts by presenting a broad, multidisciplinary survey of insider threat capturing contributions from computer scientists, psychologists, criminologists, and security practitioners. Subsequently, we present the behavioral analysis of insider threat (BAIT) framework, in which we conduct a detailed experiment involving 795 subjects on Amazon Mechanical Turk (AMT) in order to gauge the behaviors that real human subjects follow when attempting to exfiltrate data from within an organization. In the real world, the number of actual insiders found is very small, so supervised machine-learning methods encounter a challenge. Unlike past works, we develop bootstrapping algorithms that learn from highly imbalanced data, mostly unlabeled, and almost no history of user behavior from an insider threat perspective. We develop and evaluate seven algorithms using BAIT and show that they can produce a realistic (and acceptable) balance of precision and recall.

Original languageEnglish
Article number7010900
Pages (from-to)135-155
Number of pages21
JournalIEEE Transactions on Computational Social Systems
Volume1
Issue number2
DOIs
StatePublished - 1 Jun 2014
Externally publishedYes

Keywords

  • Behavioral models
  • computer security
  • insider threat

Fingerprint

Dive into the research topics of 'Behavioral analysis of insider threat: A survey and bootstrapped prediction in imbalanced data'. Together they form a unique fingerprint.

Cite this