17.1 Introduction

Insider threats are veritable needles in a haystack. They occur rarely and, when they do, are usually masked well within normal operation. Detecting them means identifying these rare, anomalous needles in a contextualized setting where behaviors are constantly evolving over time. For this refined search, we have designed approaches based on both supervised and unsupervised ensemble-based learning algorithms that maintain a compressed dictionary of repetitive sequences found throughout dynamic data streams of unbounded length, and use it to identify anomalies. For example, in unsupervised learning, compression-based techniques are used to model common behavior sequences. ...
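The following is an added illustration of the idea sketched above and is not code from the book or its authors: a bounded dictionary of repeated phrases is learned incrementally from a stream of user-action tokens (an LZW-style greedy parse stands in for whatever compression scheme the chapter develops), and a window of behavior is scored by how poorly it compresses against that dictionary. The action names, the routine session, and the odd session are constructed sample data; the threshold and dictionary bound are arbitrary assumptions.

```python
"""
Added example (not from the book): a compression-style anomaly scorer that
keeps a bounded dictionary of repeated token phrases learned from a stream of
user actions (LZW-style parsing) and flags windows that compress poorly.
All action names and sample sessions below are constructed for illustration.
"""
from typing import Dict, List, Tuple


class PhraseDictionaryDetector:
    """Greedy LZW-style parser over behaviour tokens.

    The dictionary maps phrases (tuples of tokens) to ids. A sequence that
    the dictionary explains well is covered by few long phrases; a sequence
    full of unseen transitions needs one phrase per token.
    """

    def __init__(self, max_phrases: int = 4096, threshold: float = 0.75) -> None:
        self.phrases: Dict[Tuple[str, ...], int] = {}
        self.max_phrases = max_phrases   # keeps the model bounded on an unbounded stream
        self.threshold = threshold       # score above this is treated as anomalous (assumed)

    def parse(self, tokens: List[str], learn: bool) -> int:
        """Return the number of phrases needed to cover `tokens`.

        Any single token is always parseable (open alphabet). When `learn` is
        set, each matched phrase extended by its following token is added,
        until the dictionary reaches `max_phrases` (an eviction policy such as
        LRU would be the next design choice; it is omitted here).
        """
        n, i, count = len(tokens), 0, 0
        while i < n:
            j = i + 1
            # extend the match while the longer phrase is already known
            while j < n and tuple(tokens[i:j + 1]) in self.phrases:
                j += 1
            count += 1
            if learn and j < n and len(self.phrases) < self.max_phrases:
                self.phrases.setdefault(tuple(tokens[i:j + 1]), len(self.phrases))
            i = j
        return count

    def train(self, stream: List[str]) -> None:
        """Learn phrases from a (prefix of a) behaviour stream."""
        self.parse(stream, learn=True)

    def score(self, tokens: List[str]) -> float:
        """Phrases per token in (0, 1]: lower means better modelled."""
        if not tokens:
            return 0.0
        return self.parse(tokens, learn=False) / len(tokens)

    def is_anomalous(self, tokens: List[str]) -> bool:
        return self.score(tokens) > self.threshold

    def score_stream(self, stream: List[str], window: int) -> List[Tuple[int, float]]:
        """Score each non-overlapping window before learning from it, so the
        model keeps adapting to evolving behaviour while still recording how
        surprising each window was when it arrived."""
        out = []
        for start in range(0, len(stream), window):
            chunk = stream[start:start + window]
            out.append((start, self.score(chunk)))
            self.parse(chunk, learn=True)
        return out


# Constructed sample data: a routine office session repeated many times,
# followed by a session that looks like bulk copying to removable media.
NORMAL_SESSION = ["login", "open_mail", "read", "reply",
                  "open_doc", "edit", "save", "logout"]
ODD_SESSION = ["login", "usb_mount", "copy", "copy",
               "copy", "copy", "usb_unmount", "logout"]


def demo() -> Tuple[float, float]:
    """Train on 20 routine sessions, then score a routine and an odd one."""
    det = PhraseDictionaryDetector()
    det.train(NORMAL_SESSION * 20)
    return det.score(NORMAL_SESSION), det.score(ODD_SESSION)


if __name__ == "__main__":
    normal, odd = demo()
    print(f"routine session score: {normal:.3f}")
    print(f"odd session score:     {odd:.3f}")
    det = PhraseDictionaryDetector()
    for start, s in det.score_stream(NORMAL_SESSION * 5 + ODD_SESSION, window=8):
        flag = "ANOMALOUS" if s > det.threshold else ""
        print(f"window at {start:3d}: {s:.3f} {flag}")
```

Two properties of this toy matter for a real deployment. First, the score is relative to what the dictionary has already absorbed, so the first windows of any stream score as anomalous until the model has warmed up; a practitioner would suppress alerts during that period or seed the dictionary from historical data. Second, because `score_stream` learns from every window after scoring it, a slowly drifting insider could teach the model their new routine; bounding the dictionary and deciding what to evict is where that trade-off between adaptation and resistance to poisoning is made.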

Get Big Data Analytics with Applications in Insider Threat Detection now with the O’Reilly learning platform.
