BIFROST: A Statistical Analysis Framework for Detecting Insider Threat Activities on Cyber Systems

Abstract

The purpose of this research is to investigate, design and implement a statistical analysis-based insider threat detection product deployable to resource-disadvantaged systems, and to provide organizations with a method for baselining the network profiles and host activities unique to their operational environments. Our system design seeks to alert the system and its operators to invest greater monitoring resources against hosts that exhibit threat characteristics of insider activity, and to prevent such activities from inflicting harm on the system and/or causing an information-loss event for the organization. This system provides a starting point for future work, implementing one means of detecting insider threat activities; this implementation results in best- and worst-case detection rates of ~74% and ~68.2%, respectively, against our test data. We believe our framework provides a reasonable starting point for future work and improvement.

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2019
Accession Number
AD1080213

Entities

People

  • Scott E. Findley

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Anomaly Detection
  • Change Detection
  • Computer Science
  • Computers
  • Cybersecurity
  • Cyberspace Operations
  • Data Analysis
  • Detection
  • Detectors
  • Graphical User Interface
  • Information Processing
  • Information Science
  • Information Systems
  • Insider Threats
  • Intrusion Detection
  • Operating Systems
  • Statistical Analysis

Fields of Study

  • Computer science

Readers

  • Applied Combinatorial Optimization and Logic Circuit Design.
  • Organizational Process Management (OPM).
  • Sensor Fusion and Tracking Systems.

Technology Areas

  • Cyber