Cyber Profiling for Insider Threat Detection

Author

Akaninyene Walter UdoeyopFollow

Date of Award

8-2010

Degree Type

Thesis

Degree Name

Master of Science

Major

Computer Engineering

Major Professor

Gregory D. Peterson

Committee Members

Itamar Arel, Hairong Qi

Abstract

Cyber attacks against companies and organizations can result in high impact losses that include damaged credibility, exposed vulnerability, and financial losses. Until the 21st century, insiders were often overlooked as suspects for these attacks. The 2010 CERT Cyber Security Watch Survey attributes 26 percent of cyber crimes to insiders. Numerous real insider attack scenarios suggest that during, or directly before the attack, the insider begins to behave abnormally. We introduce a method to detect abnormal behavior by profiling users. We utilize the k-means and kernel density estimation algorithms to learn a user’s normal behavior and establish normal user profiles based on behavioral data. We then compare user behavior against the normal profiles to identify abnormal patterns of behavior.

Recommended Citation

Udoeyop, Akaninyene Walter, "Cyber Profiling for Insider Threat Detection. " Master's Thesis, University of Tennessee, 2010.
https://trace.tennessee.edu/utk_gradthes/756