BIFROST: A STATISTICAL ANALYSIS FRAMEWORK FOR DETECTING INSIDER THREAT ACTIVITIES ON CYBER SYSTEMS
Authors
Findley, Scott E.
Subjects
insider threat
baseline development
cyber-security
information security
Advisors
Shaffer, Alan B.
Singh, Gurminder
Date of Issue
2019-06
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
The purpose of this research is to investigate, design and implement a statistical analysis-based insider threat detection product deployable to resource-disadvantaged systems and provide organizations with a method for baselining the network profiles and host activities unique to their operational environments. Our system design seeks to alert the system and its operators to invest greater monitoring resources against hosts who exhibit threat characteristics of insider activity and prevent such activities from inflicting harm on the system and/or causing an information-loss event for the organization. This system provides an initial starting point for future work, implementing one means of detecting insider threat activities; this implementation results in best- and worst-case detection rates of ~74% and ~68.2%, respectively, against our test data. We believe our framework provides a reasonable starting point for future work and improvement.
Type
Thesis
Department
Computer Science (CS)
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.