CR, Sep 1, 2018

A Graph Based Framework for Malicious Insider Threat Detection

arXiv:1809.00141v1, 54 citations
Originality: Synthesis-oriented
AI Analysis

This paper addresses insider threats in cybersecurity, which impact national security and privacy, but the approach appears incremental, as it builds on existing graphical and anomaly detection methods.

The paper tackles the problem of detecting malicious insider threats in cybersecurity by proposing a hybrid framework that combines graphical analysis and anomaly detection, achieving effectiveness in distinguishing typical users from suspicious ones.

While most security projects have focused on fending off attacks coming from outside the organizational boundaries, a real threat has arisen from the people who are inside those perimeter protections. Insider threats have shown their power by hugely affecting national security, financial stability, and the privacy of many thousands of people. What is in the news is the tip of the iceberg, with much more going on under the radar, and some threats never being detected. We propose a hybrid framework based on graphical analysis and anomaly detection approaches, to combat this severe cybersecurity threat. Our framework analyzes heterogeneous data in isolating possible malicious users hiding behind others. Empirical results reveal this framework to be effective in distinguishing the majority of users who demonstrate typical behavior from the minority of users who show suspicious behavior.
