Steven McKinney
Date: 2008-05-07
Degree: MS - Computer Networking
The issue of insider threat is one that organizations have dealt with for many years. Insider threat research began in the early 1980s, but has yet to provide satisfactory results, despite the fact that insiders pose a greater threat to organizations than external attackers. One of the key issues relating to this problem is that the amount of collectable data is enormous, and it is currently impossible to analyze all of it, for each insider, in a timely manner. The purpose of this research is to analyze one portion of this collectable data, process usage, and determine whether it is useful in identifying insiders. Identification of the person controlling the workstation is useful in environments where workstations are left unattended, even for a short amount of time. To do this, we developed an insider threat detection system based on the Naive Bayes method, which examines process usage data and creates individual profiles for users. By comparing collected data to these profiles, we are able to determine who is controlling the workstation with high accuracy. We are able to achieve true positive rates of 96% while maintaining fewer than 0.5% false positives.
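The abstract describes per-user profiles built with Naive Bayes over process usage, then matched against newly collected data to decide who is at the keyboard. The following is an added illustration of that idea and is not the thesis's own code or data. It assumes a feature representation the abstract does not specify: each session is treated as a bag of process names, modelled with multinomial Naive Bayes and Laplace smoothing. The user names, process names and session counts are constructed sample data, and the `margin` parameter is a hypothetical acceptance threshold that lets a defender trade true positives against false positives.

```python
"""Per-user process-usage profiles with multinomial Naive Bayes (added example).

Constructed sample data, not the thesis's dataset. Each training "session" is
the list of process names observed on a workstation while a known user was
logged in; repeated names carry count information.
"""
import math
from collections import Counter, defaultdict

# Constructed sample sessions: (user, observed process names during the session)
TRAINING_SESSIONS = [
    ("alice", ["outlook", "excel", "excel", "chrome", "outlook"]),
    ("alice", ["excel", "excel", "outlook", "teams"]),
    ("alice", ["outlook", "excel", "chrome", "excel"]),
    ("bob",   ["vscode", "git", "python", "python", "chrome"]),
    ("bob",   ["git", "vscode", "python", "docker"]),
    ("bob",   ["python", "vscode", "git", "chrome", "python"]),
    ("carol", ["photoshop", "illustrator", "chrome", "photoshop"]),
    ("carol", ["illustrator", "photoshop", "slack"]),
    ("carol", ["photoshop", "chrome", "illustrator", "photoshop"]),
]


class ProcessUsageProfiler:
    """Multinomial Naive Bayes over process-name counts, one profile per user."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha                   # Laplace smoothing constant
        self.counts = defaultdict(Counter)   # user -> Counter(process -> count)
        self.session_count = Counter()       # user -> number of training sessions
        self.vocab = set()                   # every process name seen in training

    def fit(self, sessions):
        """Build one count profile per user from labelled sessions."""
        for user, procs in sessions:
            self.counts[user].update(procs)
            self.session_count[user] += 1
            self.vocab.update(procs)
        return self

    def log_likelihoods(self, procs):
        """Return {user: log P(user) + sum(log P(process | user))} for a session."""
        total_sessions = sum(self.session_count.values())
        v = len(self.vocab)
        scores = {}
        for user, profile in self.counts.items():
            total = sum(profile.values())
            score = math.log(self.session_count[user] / total_sessions)  # prior
            for p in procs:
                # Smoothed P(p | user); a process never seen for this user still
                # gets alpha / (total + alpha * V) instead of zero probability.
                score += math.log((profile[p] + self.alpha) / (total + self.alpha * v))
            scores[user] = score
        return scores

    def predict(self, procs):
        """Most likely user for a session (who is controlling the workstation)."""
        scores = self.log_likelihoods(procs)
        return max(scores, key=scores.get)

    def matches_claimed_user(self, procs, claimed_user, margin=0.0):
        """Does the session look like the logged-in user's own behaviour?
        Accept only if the claimed user's score beats every other profile by at
        least `margin` (log space). A larger margin lowers false accepts at the
        cost of more false rejects; this is the knob behind a TPR/FPR trade-off."""
        scores = self.log_likelihoods(procs)
        own = scores[claimed_user]
        best_other = max(s for u, s in scores.items() if u != claimed_user)
        return own - best_other >= margin


def evaluate(model, sessions, margin=0.0):
    """Return (true_positive_rate, false_positive_rate) over labelled sessions.
    TP: the real user is accepted when claimed. FP: a session is accepted while
    claiming some *other* user, i.e. an impostor at an unattended workstation."""
    tp = fn = fp = tn = 0
    users = list(model.counts)
    for user, procs in sessions:
        if model.matches_claimed_user(procs, user, margin):
            tp += 1
        else:
            fn += 1
        for other in users:
            if other == user:
                continue
            if model.matches_claimed_user(procs, other, margin):
                fp += 1
            else:
                tn += 1
    return tp / (tp + fn), fp / (fp + tn)


if __name__ == "__main__":
    model = ProcessUsageProfiler().fit(TRAINING_SESSIONS)
    print(model.predict(["excel", "outlook", "excel"]))      # alice
    print(model.matches_claimed_user(["python", "git"], "alice"))  # False
    print(evaluate(model, TRAINING_SESSIONS))
```

Evaluating on the training sessions, as the `__main__` block does, only shows the mechanics; a real deployment would hold out sessions per user and sweep `margin` to find the operating point that meets the acceptable false-positive budget before trusting the true-positive figure.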