Abstract— A Collaborative Information System (CIS) holds aggregated information in one place. This information
can be accessed by various categories of users for distinct or common purposes. Because the users are so diverse,
the security of the system is of utmost concern. Threats can come both from the outside world (outsider threats) and
from authorized users of the system (insider threats), the latter proving even more difficult to detect. For outsider
threat detection, almost all information systems implement some access control model that grants privileges
according to the user's rights, which in turn are based on the user's role. These roles are assumed to be known in
advance. This assumption conflicts with the idea of a collaborative information system, where roles may change
according to the shifting needs of the organization. Insider threat concerns authorized users who access subjects for
other than genuine reasons. This paper surveys the diverse research work done on anomaly detection. The study covers
numerous approaches, such as graph based detection, statistical methods and pattern based findings, but it
emphasizes insider threat detection, which is the more probable threat in a collaborative information system.
I. INTRODUCTION
Collaborative information systems allow users to cooperate on various tasks. They also provide users with much broader
access privileges, which makes the system more useful. But the larger scope of access rights also encourages
illegitimate as well as immoral use of information. As a result, much work has been done on proper access control,
which provides security against outsider threats. Role based access control and experience based access control are
also implemented to gain more flexibility. Insider threat detection has evolved much less than outsider threat
detection techniques. It is also harder, because the threat actors are authorized users who are performing activities
that are not genuine. Insider threat detection mainly relies on anomaly detection methods, since such misuse shows up
as anomalous behaviour. An anomaly is understood as a pattern in the data that does not behave as expected; it is also
referred to as an outlier, exception, peculiarity, surprise, etc. Data mining also offers techniques for this type of
threat detection, of two kinds: supervised learning and unsupervised learning. Supervised learning makes use of a
training set that has to be available in advance. It has several problems, e.g. the need for labelled data and the
inability to detect rare events. In contrast, unsupervised learning methods do not require any such prior information;
their success depends only on the proper choice of similarity measures, feature selection, etc. This approach is very
helpful in detecting rare events, called outliers or exceptions, by calculating the deviation from expected
behaviour.
Various systems, such as specialized network anomaly detection systems and the community anomaly detection framework
on which this project is based, use the anomaly detection approach to detect unnatural activities of authenticated users.
Generally there are two types of solutions that address the insider threat. The first uses access rules within the
system to control the user's activities. The second reviews the patterns in which the user has behaved. In a large
organization, even when access rights are in place, information can still be gathered and leaked in a wrong way. The
two types are explained below.
A. Prevention of the insider threat
The prevention of insider threat mostly relies on access control frameworks to control the activities of users.
Almost all access control frameworks check whether a request given to the system satisfies the access rights
granted to the user and whether it agrees with a set of predefined rules. The problem with this kind of access
control is that it assumes the system to be static, i.e. that the users and the system itself always behave in the same
manner. The dynamic nature of Collaborative Information Systems is difficult to manage under such an assumption.
Roles and task division are not always feasible or easy to define in a CIS; a more flexible definition may be required.
B. Detection of the insider threat
The approach discussed previously defines zones in which a user may act and obtain the required information from the
system. It is, however, entirely possible to perform illicit activities within the allowed domain too, i.e. users
authorized for a given zone can still carry out activities that are unethical yet practically possible. The information
from the authorized zones can be misused. Again there are two types of internal users who can harm the system. They are
the following:
1) Masqueraders
2) Traitors
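The following is an added illustration (not code from the paper or from the community anomaly detection framework it builds on) of the two solution types above: a rule check in the style of Section A, followed by an unsupervised peer-deviation score over the same access log, as described in the introduction. The log, the role rights and the Jaccard-based similarity measure are all constructed assumptions; every access in the log is permitted by the rules, so only the behavioural comparison reveals the user who acts unlike any peer.

```python
from collections import defaultdict

# Constructed access log of (user, role, record). All four users share one role
# and every record below lies inside that role's rights, so rule_check() passes
# for each entry: the rule-based "prevention" view sees nothing wrong.
ACCESS_LOG = [
    ("alice", "nurse", "p1"), ("alice", "nurse", "p2"), ("alice", "nurse", "p3"),
    ("bob",   "nurse", "p1"), ("bob",   "nurse", "p2"), ("bob",   "nurse", "p4"),
    ("carol", "nurse", "p2"), ("carol", "nurse", "p3"), ("carol", "nurse", "p4"),
    ("dave",  "nurse", "p7"), ("dave",  "nurse", "p8"), ("dave",  "nurse", "p9"),
]
# Assumed role rights: the zone in which a nurse is allowed to act.
ROLE_RIGHTS = {"nurse": {f"p{i}" for i in range(1, 10)}}


def rule_check(user, role, record):
    """Section A style check: is the requested record inside the role's zone?"""
    return record in ROLE_RIGHTS.get(role, set())


def user_footprints(log):
    """Map each user to the set of records they accessed (the behaviour pattern)."""
    footprints = defaultdict(set)
    for user, _role, record in log:
        footprints[user].add(record)
    return footprints


def jaccard(a, b):
    """Similarity of two access sets; 0 when they share nothing."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def peer_deviation_scores(log, k=2):
    """Unsupervised score in [0, 1]: 1 - mean similarity to the k most similar
    peers. Users whose access pattern resembles no one else's score near 1."""
    fp = user_footprints(log)
    scores = {}
    for u in fp:
        sims = sorted((jaccard(fp[u], fp[v]) for v in fp if v != u), reverse=True)
        nearest = sims[:k]
        scores[u] = 1.0 - (sum(nearest) / len(nearest) if nearest else 0.0)
    return scores


def authorized_but_anomalous(log, threshold=0.8):
    """Users every one of whose accesses passes the rule check, yet whose
    behaviour deviates from all peers: the Section B case."""
    scores = peer_deviation_scores(log)
    allowed = {u for u, r, rec in log if rule_check(u, r, rec)}
    return sorted(u for u, s in scores.items() if u in allowed and s >= threshold)
```

Here alice, bob and carol each overlap with their peers (score 0.5), while dave, who only touches records no peer ever reads, scores 1.0 and is the only user reported.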
IV. CONCLUSIONS
In this paper various approaches for insider threat detection have been discussed. Insider threat detection has gained
much importance lately due to the rapidly increasing use of common data by various users. It has been observed during
the survey that making data available exclusively to distinct users is no longer possible. For this reason various
users hold access to common data, which makes the detection of an anomalous user very difficult. The work done in this
field has covered various ways of handling this situation by applying the techniques mentioned above. Still, there is
much scope in this field to improve the efficiency of existing frameworks. This may include modifying the algorithms
used, combining two or more approaches, or bringing out an altogether new method.