Insider threat detection: Where and how data science applies
Derek Lin
Cyber Security: A Peer-Reviewed Journal, 2018, vol. 2, issue 3, 211-218
Abstract:
Insider threats are one of the top concerns of enterprise security. Traditional means of addressing general security threats, such as the use of signature matching and correlation rules, fall short when detecting insider threats. New possibilities for detecting insider threats have emerged as a result of the data-driven approach to security problems. Insider threat activities are multifaceted and require that security teams address the problem on multiple fronts. This paper introduces four areas where data science can be applied when building a system that detects threats. These four areas include the use of statistical analysis for anomaly detection, contextual information derivation for network intelligence, specific threat detection use cases, and meta learning for false positive control. Example use cases within each category are described, as well as how data science is used to approach them. The goal of this paper is to provide the general security audience with an overview of data science applications for insider threat detection.
Keywords: insider threat; data science; machine learning; SIEM; user and entity behaviour analytics
JEL-codes: M15
Date: 2018
Downloads:
https://hstalks.com/article/2155/download/ (application/pdf)
https://hstalks.com/article/2155/ (text/html)
Requires a paid subscription for full access.
Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2018:v:2:i:3:p:211-218
More articles in Cyber Security: A Peer-Reviewed Journal from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks.