A study on Classification of Insider threat using Markov Chain Model
- Authors
- Kim, Dong-Wook; Hong, Sung-Sam; Han, Myung-Mook
- Issue Date
- 30-Apr-2018
- Publisher
- KSII-KOR SOC INTERNET INFORMATION
- Keywords
- Insider threat; Markov Chain; Classification
- Citation
- KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS, v.12, no.4, pp.1887 - 1898
- Journal Title
- KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS
- Volume
- 12
- Number
- 4
- Start Page
- 1887
- End Page
- 1898
- URI
- https://scholarworks.bwise.kr/gachon/handle/2020.sw.gachon/3850
- DOI
- 10.3837/tiis.2018.04.027
- ISSN
- 1976-7277
- Abstract
- In this paper, a method to classify insider threat activity is introduced. The internal threats help detect anomalous activity in the procedures performed by users in an organization. When an anomalous value deviating from the overall behavior is displayed, we consider it an inside threat, to be classified as an inside intimidator. To address this, a Markov Chain Model is employed. The Markov Chain Model shows the next state value through an arbitrary variable affected by the previous event. Similarly, for insider threat activity, the current activity can be predicted from the previous activity. We studied a method in which the changes between such states are defined by a transition probability, and anomalies of the inside threat are detected and classified through the values of a probability variable. We use the properties of Markov chains to list the behavior of the user over time and to classify which state it belongs to. Sequential data sets were generated according to the influence of n occurrences of the Markov attribute and classified by machine learning algorithms. In the experiment, only 15% of the CERT insider threat dataset was used, and the result was 97% accuracy, except for Naive Bayes. As a result of our research, it was confirmed that the Markov Chain Model can classify insider threats and can be fully utilized for user behavior classification.
- Appears in Collections
- College of IT Convergence > Department of Software > 1. Journal Articles