Abstract

Applying Modified K-Nearest Neighbor to Detect Insider Threat in Collaborative Information Systems

Aruna Singh, Smita Shukla Patel

Collaborative information systems have attracted a lot of attention recently by providing all the information in one place. These systems can be used in all scenarios where many user roles are defined and a lot of common information is accessed by them. In such cases, there is a large possibility of threats from insiders, because users have access to all the subjects irrespective of their roles. Users may sometimes misuse the system by taking out information for invalid reasons, and it is very difficult to avert such situations. The work proposed here provides a way of detecting such anomalous activity by making use of patterns of usage and a modified k-nearest neighbor algorithm. The proposed work does not require any type of access control mechanism or extra information about the users or subjects. It depends purely on the access log of the users, which is generated automatically once a user accesses the subjects. The relational patterns of access logs are analyzed for nearest neighbors in terms of the number of subjects accessed as well as meta-information related to those subjects. Deviation is calculated for all the users. Anomalous users show larger deviation from their nearest neighbors. The proposed work improves the accuracy of the algorithm by adding a few more parameters, validity and weight, while calculating the deviation. The experiments show that the detection of anomalous users is more likely with the modified nearest neighbor algorithm.
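The following sketch is an added illustration of neighbor-deviation scoring over an access log; it is not the authors' code. The abstract does not define its validity and weight parameters, so the Jaccard distance, the validity formula, the validity-based weighting and the sample log are all assumptions made here, and subject meta-information is left out.

```python
from collections import defaultdict

# Constructed access log of (user, subject) pairs; not data from the paper.
ACCESS_LOG = [
    ("alice", "p1"), ("alice", "p2"), ("alice", "p3"),
    ("bob", "p1"), ("bob", "p2"), ("bob", "p3"),
    ("carol", "p1"), ("carol", "p2"), ("carol", "p4"),
    ("dave", "p2"), ("dave", "p3"), ("dave", "p4"),
    ("mallory", "p1"), ("mallory", "p7"), ("mallory", "p8"), ("mallory", "p9"),
]

def profiles(log):
    """Collapse the log into one set of accessed subjects per user."""
    seen = defaultdict(set)
    for user, subject in log:
        seen[user].add(subject)
    return dict(seen)

def jaccard_distance(a, b):
    """0.0 for identical subject sets, 1.0 for disjoint ones."""
    return 1.0 - len(a & b) / len(a | b)

def neighbours(user, prof, k):
    """The k users closest to `user` as (distance, name); ties break by name."""
    dists = [(jaccard_distance(prof[user], prof[o]), o) for o in prof if o != user]
    return sorted(dists)[:k]

def validity(user, prof, k):
    """Assumed definition: 1 - mean distance to the user's own k neighbours."""
    nbrs = neighbours(user, prof, k)
    return 1.0 - sum(d for d, _ in nbrs) / len(nbrs)

def deviation(user, prof, k):
    """Mean distance to the k nearest neighbours, weighted by their validity."""
    nbrs = neighbours(user, prof, k)
    # Assumed weighting: neighbours that sit inside a tight group count more.
    weights = [validity(o, prof, k) + 1e-9 for _, o in nbrs]  # never all zero
    return sum(w * d for w, (d, _) in zip(weights, nbrs)) / sum(weights)

def rank_users(log, k=2):
    """Users ordered from most to least deviant."""
    prof = profiles(log)
    scores = {u: deviation(u, prof, k) for u in prof}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for name, score in rank_users(ACCESS_LOG):
        print(f"{name:8s} {score:.3f}")
```

The score is relative: a cut-off for flagging users has to be chosen from the score distribution of the system being monitored.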
