EXPERIMENTAL ANALYSIS WITH BEHAVIOR RELIANCE INSIDER THREAT DETECTION MODEL

Authors:

K. Venkateswara Rao, T. Uma Devi

DOI NO:

https://doi.org/10.26782/jmcms.2020.05.00021

Keywords:

ITDM, BRAD Process flow, Anomaly Detection, Malicious Insider Threat Detection

Abstract

Malicious insiders execute severe attacks on the cloud by misusing their privileges, which leads to irreversible damage and loss of reputation. Because malicious insiders are authorized users and an integral part of the cloud, detecting and obstructing them to protect the cloud from such attacks has become a complex research problem that demands immediate attention. An efficient Insider Threat Detection Model was previously proposed using a behavior reliance anomaly detection process. This paper elucidates the implementation of the Behavior Reliance Insider Threat Detection Model (BRITDM) and reports an empirical study of the proposed model. Log records modeled on Amazon AWS log files were used as input to detect insider activities with the proposed four-layer Behavior Reliance Anomaly Detection (BRAD) architecture. Detailed user and admin activities were collected from the cloud log files, which are represented in JSON format. JSQL Parser was used to extract query knowledge and to build an XML tree. An SVM classifier is trained with knowledge from Compact Prediction Tree (CPT) structures; detection starts by comparing the query knowledge of an admin-executed activity against the corresponding CPT structures of the design-level activity base, to determine whether the executed admin activity is malicious according to the four-layer BRAD architecture. The cloud BRITDM processed 30 input records and classified 5 as unique activities, 5 as abnormal, 2 as unintended suspicious activities and 1 as an intended insider threat; the remaining records were normal activities. The experimental results show that the proposed BRITDM performs well in identifying unique, abnormal and suspicious activities and threats among insider activities.
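The core detection step described above, comparing each logged admin or user activity against a baseline of design-level activity sequences, can be illustrated with a small stand-alone script. The code below is an added example written for this page; it is not the authors' BRITDM implementation and it replaces the paper's CPT structures and SVM classifier with a plain prefix tree of expected event sequences. The CloudTrail-style record shape, the user-to-role mapping and the design-level activity base are all constructed assumptions.

```python
import json
from collections import Counter

# Constructed CloudTrail-style records (assumed shape; not real AWS log data).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2020-05-01T09:00:01Z", "eventName": "ConsoleLogin",
     "userIdentity": {"userName": "alice"}, "eventSource": "signin.amazonaws.com"},
    {"eventTime": "2020-05-01T09:00:05Z", "eventName": "DescribeInstances",
     "userIdentity": {"userName": "alice"}, "eventSource": "ec2.amazonaws.com"},
    {"eventTime": "2020-05-01T09:00:09Z", "eventName": "StopInstances",
     "userIdentity": {"userName": "alice"}, "eventSource": "ec2.amazonaws.com"},
    {"eventTime": "2020-05-01T09:01:00Z", "eventName": "ConsoleLogin",
     "userIdentity": {"userName": "bob"}, "eventSource": "signin.amazonaws.com"},
    {"eventTime": "2020-05-01T09:01:04Z", "eventName": "ListBuckets",
     "userIdentity": {"userName": "bob"}, "eventSource": "s3.amazonaws.com"},
    {"eventTime": "2020-05-01T09:01:08Z", "eventName": "AttachUserPolicy",
     "userIdentity": {"userName": "bob"}, "eventSource": "iam.amazonaws.com"},
    {"eventTime": "2020-05-01T09:02:00Z", "eventName": "DeleteTrail",
     "userIdentity": {"userName": "alice"}, "eventSource": "cloudtrail.amazonaws.com"},
]})

# Assumed user-to-role mapping and "design-level activity base": the activity
# sequences each role is expected to execute (stand-in for the paper's CPT structures).
ROLE_OF = {"alice": "admin", "bob": "user"}
DESIGN_BASE = {
    "admin": [["ConsoleLogin", "DescribeInstances", "StopInstances"],
              ["ConsoleLogin", "CreateUser", "AttachUserPolicy"]],
    "user":  [["ConsoleLogin", "ListBuckets", "GetObject"]],
}


def build_tree(sequences):
    """Build a nested-dict prefix tree from a list of expected event sequences."""
    root = {}
    for seq in sequences:
        node = root
        for event in seq:
            node = node.setdefault(event, {})
    return root


def vocabulary(design_base):
    """Every event name that appears in any role's expected sequences."""
    return {ev for seqs in design_base.values() for seq in seqs for ev in seq}


def classify_records(log_json, design_base, role_of):
    """Label each record as normal, abnormal or unique by walking the role's tree.

    normal   - the event is the expected next step in the role's sequence
    abnormal - the event is known, but not expected for this role at this point
    unique   - the event never occurs anywhere in the design-level base
    """
    records = json.loads(log_json)["Records"]
    trees = {role: build_tree(seqs) for role, seqs in design_base.items()}
    vocab = vocabulary(design_base)
    position = {}  # per user: current node in that user's role tree
    results = []
    for rec in sorted(records, key=lambda r: r["eventTime"]):
        user = rec["userIdentity"]["userName"]
        event = rec["eventName"]
        role = role_of.get(user)
        if role not in trees:
            label = "abnormal"  # principal has no design-level baseline at all
        elif event not in vocab:
            label = "unique"
        else:
            # An exhausted node (sequence complete) resets the user to the root.
            node = position.get(user) or trees[role]
            if event in node:
                label = "normal"
                position[user] = node[event]
            else:
                label = "abnormal"
        results.append((rec["eventTime"], user, event, label))
    return results


def summarize(results):
    """Count records per label, mirroring the paper's per-category totals."""
    return dict(Counter(label for *_, label in results))


if __name__ == "__main__":
    findings = classify_records(SAMPLE_LOG, DESIGN_BASE, ROLE_OF)
    for ts, user, event, label in findings:
        print(f"{ts} {user:6} {event:18} {label}")
    print(summarize(findings))
```

On the constructed records, bob's AttachUserPolicy is flagged abnormal because the event exists in the base but only under the admin role, while alice's DeleteTrail is flagged unique because no design-level sequence contains it; the remaining five events follow their role's expected sequence and are labelled normal. The paper's further split into unintended suspicious activities and intended threats would sit on top of these labels and is not reproduced here.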
