DocumentCode
3735342
Title
AD2: Anomaly detection on active directory log data for insider threat monitoring
Author
Chih-Hung Hsieh;Chia-Min Lai;Ching-Hao Mao;Tien-Cheu Kao;Kuo-Chen Lee
Author_Institution
Institute of Informaiton Industry, Taipei, Taiwan
fYear
2015
Firstpage
287
Lastpage
292
Abstract
What you see is not definitely believable is not a rare case in the cyber security monitoring. However, due to various tricks of camouflages, such as packing or virutal private network (VPN), detecting "advanced persistent threat"(APT) by only signature based malware detection system becomes more and more intractable. On the other hand, by carefully modeling users´ subsequent behaviors of daily routines, probability for one account to generate certain operations can be estimated and used in anomaly detection. To the best of our knowledge so far, a novel behavioral analytic framework, which is dedicated to analyze Active Directory domain service logs and to monitor potential inside threat, is now first proposed in this project. Experiments on real dataset not only show that the proposed idea indeed explores a new feasible direction for cyber security monitoring, but also gives a guideline on how to deploy this framework to various environments.
Keywords
"Markov processes","Hidden Markov models","Monitoring","Data models","Computer security","Computational modeling","Organizations"
Publisher
ieee
Conference_Titel
Security Technology (ICCST), 2015 International Carnahan Conference on
Print_ISBN
978-1-4799-8690-3
Electronic_ISBN
2153-0742
Type
conf
DOI
10.1109/CCST.2015.7389698
Filename
7389698
Link To Document