Anomaly detection on bipartite graphs for cyber situational awareness and threat detection

An email content-based insider threat detection model using anomaly detection algorithms

SSRN Electronic Journal ◽

10.2139/ssrn.3833744 ◽

2021 ◽

Author(s):

NaanKang Garba ◽

Sandip Rakshit ◽

Chai Dakun Maa ◽

Narasimha Rao Vajjhala

Keyword(s):

Anomaly Detection ◽

Insider Threat ◽

Threat Detection ◽

Detection Model ◽

Detection Algorithms

Download Full-text

Cyber situational awareness through network anomaly detection: state of the art and new approaches

e & i Elektrotechnik und Informationstechnik ◽

10.1007/s00502-015-0287-4 ◽

2015 ◽

Vol 132 (2) ◽

pp. 101-105 ◽

Cited By ~ 7

Author(s):

Ivo Friedberg ◽

Florian Skopik ◽

Roman Fiedler

Keyword(s):

Anomaly Detection ◽

Situational Awareness ◽

State Of The Art ◽

New Approaches ◽

Network Anomaly Detection

Download Full-text

The optimization of situational awareness for insider threat detection

Proceedings of the first ACM conference on Data and application security and privacy - CODASPY '11 ◽

10.1145/1943513.1943544 ◽

2011 ◽

Cited By ~ 7

Author(s):

Kenneth Brancik ◽

Gabriel Ghinita

Keyword(s):

Situational Awareness ◽

Insider Threat ◽

Threat Detection

Download Full-text

Relevance search and anomaly detection in bipartite graphs

ACM SIGKDD Explorations Newsletter ◽

10.1145/1117454.1117461 ◽

2005 ◽

Vol 7 (2) ◽

pp. 48-55 ◽

Cited By ~ 35

Author(s):

Jimeng Sun ◽

Huiming Qu ◽

Deepayan Chakrabarti ◽

Christos Faloutsos

Keyword(s):

Anomaly Detection ◽

Bipartite Graphs

Download Full-text

Anomaly detection of mobile positioning data with applications to COVID-19 situational awareness

Japanese Journal of Statistics and Data Science ◽

10.1007/s42081-021-00109-z ◽

2021 ◽

Author(s):

Stefano Maria Iacus ◽

Francesco Sermi ◽

Spyridon Spyratos ◽

Dario Tarchi ◽

Michele Vespe

Keyword(s):

Anomaly Detection ◽

Situational Awareness ◽

Mobile Positioning

Download Full-text

Secure and Resilient Artificial Intelligence of Things: a HoneyNet Approach for Threat Detection and Situational Awareness

IEEE Consumer Electronics Magazine ◽

10.1109/mce.2021.3081874 ◽

2021 ◽

pp. 1-1

Author(s):

Liang Tan ◽

Keping Yu ◽

Fangpeng Ming ◽

Xiaofeng Chen ◽

Gautam Srivastava

Keyword(s):

Artificial Intelligence ◽

Situational Awareness ◽

Threat Detection

Download Full-text

Anomaly Detection in Maritime AIS Tracks: A Review of Recent Approaches

Journal of Marine Science and Engineering ◽

10.3390/jmse10010112 ◽

2022 ◽

Vol 10 (1) ◽

pp. 112

Author(s):

Konrad Wolsing ◽

Linus Roepert ◽

Jan Bauer ◽

Klaus Wehrle

Keyword(s):

Risk Assessment ◽

Anomaly Detection ◽

Situational Awareness ◽

Automatic Detection ◽

Use Cases ◽

Research Articles ◽

Automatic Identification ◽

Identification System ◽

Collision Risk ◽

Potential Use

The automatic identification system (AIS) was introduced in the maritime domain to increase the safety of sea traffic. AIS messages are transmitted as broadcasts to nearby ships and contain, among others, information about the identification, position, speed, and course of the sending vessels. AIS can thus serve as a tool to avoid collisions and increase onboard situational awareness. In recent years, AIS has been utilized in more and more applications since it enables worldwide surveillance of virtually any larger vessel and has the potential to greatly support vessel traffic services and collision risk assessment. Anomalies in AIS tracks can indicate events that are relevant in terms of safety and also security. With a plethora of accessible AIS data nowadays, there is a growing need for the automatic detection of anomalous AIS data. In this paper, we survey 44 research articles on anomaly detection of maritime AIS tracks. We identify the tackled AIS anomaly types, assess their potential use cases, and closely examine the landscape of recent AIS anomaly research as well as their limitations.

Download Full-text

A General and Expandable Insider Threat Detection System Using Baseline Anomaly Detection and Scenario-Driven Alarm Filters

2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) ◽

10.1109/trustcom/bigdatase.2018.00110 ◽

2018 ◽

Cited By ~ 1

Author(s):

Guang Yang ◽

Lijun Cai ◽

Aimin Yu ◽

Dan Meng

Keyword(s):

Anomaly Detection ◽

Detection System ◽

Insider Threat ◽

Threat Detection

Download Full-text

Database Intrusion Detection Systems (DIDs): Insider Threat Detection via Behaviour-Based Anomaly Detection Systems - A Brief Survey of Concepts and Approaches

Communications in Computer and Information Science - Emerging Information Security and Applications ◽

10.1007/978-3-030-93956-4_11 ◽

2022 ◽

pp. 178-197

Author(s):

Muhammad Imran Khan ◽

Simon N. Foley ◽

Barry O’Sullivan

Keyword(s):

Intrusion Detection ◽

Anomaly Detection ◽

Intrusion Detection Systems ◽

Insider Threat ◽

Threat Detection ◽

Detection Systems ◽

Database Intrusion Detection

Download Full-text

Insider Threat Detection Based on User Behavior Modeling and Anomaly Detection Algorithms

Applied Sciences ◽

10.3390/app9194018 ◽

2019 ◽

Vol 9 (19) ◽

pp. 4018 ◽

Cited By ~ 6

Author(s):

Kim ◽

Park ◽

Kim ◽

Cho ◽

Kang

Keyword(s):

Anomaly Detection ◽

User Behavior ◽

Behavior Modeling ◽

Detection Methods ◽

Insider Threat ◽

Threat Detection ◽

Insider Threats ◽

Domain Experts ◽

User Behavior Modeling ◽

Detection Algorithms

Insider threats are malicious activities by authorized users, such as theft of intellectual property or security information, fraud, and sabotage. Although the number of insider threats is much lower than external network attacks, insider threats can cause extensive damage. As insiders are very familiar with an organization’s system, it is very difficult to detect their malicious behavior. Traditional insider-threat detection methods focus on rule-based approaches built by domain experts, but they are neither flexible nor robust. In this paper, we propose insider-threat detection methods based on user behavior modeling and anomaly detection algorithms. Based on user log data, we constructed three types of datasets: user’s daily activity summary, e-mail contents topic distribution, and user’s weekly e-mail communication history. Then, we applied four anomaly detection algorithms and their combinations to detect malicious activities. Experimental results indicate that the proposed framework can work well for imbalanced datasets in which there are only a few insider threats and where no domain experts’ knowledge is provided.

Download Full-text