Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/78826
Title: Viability of novel insider threat detection framework on augmented real-world and simulated datasets
Authors: Xiong Tian
Keywords: Engineering::Electrical and electronic engineering
Issue Date: 2019
Abstract: Over the past few years, insider threats have been a growing concern for organizations. The concern has arisen from reported cases in which the damage from insider activities has far outweighed the damage caused by external factors. This has led to many studies that attempt to identify insider threats. However, despite the widespread interest, organizations that have experienced insider threats are often reluctant to share the relevant data for further research. Recently, a novel insider threat detection framework was proposed that attempts to identify potential insider threats by building employee profiles based on the aspect-based sentiments observed in their emails. However, there is no available real-world email corpus with an insider threat scenario that can be used to appropriately evaluate the feasibility of the framework. In this work, the working mechanism of the framework is first analysed and understood. Following that, the framework is applied to two different synthetic datasets, namely TWOS and Enron plus. An in-depth analysis is then performed on the results to estimate the viability of the framework in the real world. When we applied the simulation dataset TWOS to the insider threat detection framework, we found that the emotion polarity can correspond to three classical psychological behaviour theories. Then, by comparing the accuracy obtained from TWOS and Enron plus, we further analysed the performance of the model on different datasets. Also, analysing the difference between the actual situation and the results from the anomaly detection shows that anomaly detection results based on some aspects can agree with reality, but others cannot evaluate the user performance. Therefore, we believe that irrelevant aspects may limit the detection capabilities of the insider threat detection framework.
URI: http://hdl.handle.net/10356/78826
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections: EEE Theses

Files in This Item:
File: Dissertation_signed.pdf (Restricted Access)
Size: 1.17 MB
Format: Adobe PDF


Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.