A. Stephen McGough
Insider Threats: Identifying Anomalous Human Behaviour in Heterogeneous Systems Using Beneficial Intelligent Software (Ben-ware)
McGough, A. Stephen; Wall, David; Brennan, John; Theodoropoulos, Georgios; Ruck-Keene, Ed; Arief, Budi; Gamble, Carl; Fitzgerald, John; van Moorsel, Aad
Authors
David Wall
John Brennan
Georgios Theodoropoulos
Ed Ruck-Keene
Budi Arief
Carl Gamble
John Fitzgerald
Aad van Moorsel
Abstract
In this paper, we present the concept of "Ben-ware" as a beneficial software system capable of identifying anomalous human behaviour within a 'closed' organisation's IT infrastructure. We note that this behaviour may be malicious (for example, an employee is seeking to act against the best interest of the organisation by stealing confidential information) or benign (for example, an employee is applying some workaround to complete their job). To help distinguish between users who are intentionally malicious and those who are benign, we use human behaviour modelling along with Artificial Intelligence. Ben-ware has been developed as a distributed system comprising of probes for data collection, intermediate nodes for data routing and higher nodes for data analysis. This allows for real-time analysis with low impact on the overall infrastructure, which may contain legacy and low-power resources. We present an analysis of the appropriateness of the Ben-ware system for deployment within a large closed organisation, comprising of both new and legacy hardware, to protect its essential information. This analysis is performed in terms of the memory footprint, disk footprint and processing requirements of the different parts of the system.
Citation
McGough, A. S., Wall, D., Brennan, J., Theodoropoulos, G., Ruck-Keene, E., Arief, B., Gamble, C., Fitzgerald, J., & van Moorsel, A. (2015, December). Insider Threats: Identifying Anomalous Human Behaviour in Heterogeneous Systems Using Beneficial Intelligent Software (Ben-ware). Presented at Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats - MIST '15, Denver, USA
| Presentation Conference Type | Conference Paper (published) |
|---|---|
| Conference Name | Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats - MIST '15 |
| Publication Date | Jan 1, 2015 |
| Deposit Date | Nov 18, 2015 |
| Publicly Available Date | Nov 24, 2015 |
| Publisher | Association for Computing Machinery (ACM) |
| Pages | 1-12 |
| Book Title | 7th ACM CCS International Workshop on Managing Insider Security Threats, MIST '15, 12-16 October 2015, Denver, Colorado ; proceedings. |
| DOI | https://doi.org/10.1145/2808783.2808785 |
| Keywords | Insider threats, Detection, Anomalous behaviour, Human behaviour, Artificial intelligence, Assistive tool, Ethics |
| Public URL | https://durham-repository.worktribe.com/output/1152422 |
Files
Accepted Conference Proceeding
(1.3 Mb)
PDF
Copyright Statement
© 2015 ACM. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in 7th ACM CCS International Workshop on Managing Insider Security Threats, MIST '15, 12-16 October 2015, Denver, Colorado ; proceedings, 2015, http://dx.doi.org/10.1145/2808783.2808785
You might also like
Analysis of power-saving techniques over a large multi-use cluster with variable workload
(2013)
Journal Article
Developing a Cost-Effective Virtual Cluster on the Cloud
(2012)
Book Chapter
Downloadable Citations
About Durham Research Online (DRO)
Administrator e-mail: dro.admin@durham.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2025
Advanced Search