| Type of Document |
Master's Thesis |
| Author |
McKinney, Steven , |
| URN |
etd-05092008-154325 |
| Title |
Insider Threat: User Identification Via Process Profiling |
| Degree |
Master of Science |
| Graduate Program |
Computer Networking |
| Advisory Committee |
| Advisor Name |
Title |
| Dr. D. S. Reeves |
Committee Chair |
| Dr. J. Doyle |
Committee Member |
| Dr. P. Ning |
Committee Member |
|
| Keywords |
- process profiling
- user identification
- insider threat
|
| Date of Defense |
2008-05-07 |
| Availability |
unrestricted |
Abstract
The issue of insider threat is one that organizations have dealt with for many years. Insider threat research began in the early 80's, but has yet to provide satisfactory results despite the fact that insiders pose a greater threat to organizations than external attackers. One of the key issues relating to this problem is that the amount of collectable data is enormous and it is currently impossible to analyze all of it, for each insider, in a timely manner. The purpose of this research is to analyze a portion of this collectable data, process usage, and determine if this data is useful in identifying insiders. Identification of the person controlling the workstation is useful in environments where workstations are left unattended, even for a short amount of time. To do this, we developed an insider threat detection system based on the Naive Bayes method which examines process usage data and creates individual profiles for users. By comparing collected data to these profiles we are able to determine who is controlling the workstation with high accuracy. We are able to achieve true positive rates of 96\% while maintaining fewer than 0.5\% false positives.
|
| Files |
| Filename |
Size |
Approximate Download Time
(Hours:Minutes:Seconds)
|
| 28.8 Modem |
56K Modem |
ISDN (64 Kb) |
ISDN (128 Kb) |
Higher-speed Access |
| |
etd.pdf |
329.53 Kb |
00:01:31 |
00:00:47 |
00:00:41 |
00:00:20 |
00:00:01 |
|
