Investigating insider threat cases is challenging because the activities are conducted with legitimate access, which makes distinguishing malicious activity from normal activity difficult. To assist with identifying non-normal activities, we propose using two types of pattern discovery to identify a person's behavioral patterns in network data. The behavioral patterns serve to deemphasize normal behavior so that insider threat investigations can focus attention on potentially more relevant events. Results from a controlled experiment demonstrate the highlighting of a suspicious event through the reduction of events belonging to discovered patterns. © 2016 IEEE.
2016 IEEE Security and Privacy Workshops (SPW)
A. C. Lin and G. L. Peterson, "Activity Pattern Discovery from Network Captures," 2016 IEEE Security and Privacy Workshops (SPW), San Jose, CA, USA, 2016, pp. 334-342, doi: 10.1109/SPW.2016.22.
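The abstract describes discovering a person's behavioral patterns from network data and then suppressing events that belong to those patterns so that the remainder stands out. The following added example (not code from the paper or its authors) sketches that idea with two illustrative pattern types, chosen here as assumptions since the abstract does not name them: frequent attribute combinations over individual events, and frequent destination-to-destination transitions within a day. The event records, host names and thresholds are constructed for the example.

```python
from collections import Counter, defaultdict
from itertools import combinations

# Constructed sample: one user's network events over five working days.
# Each tuple is (day, hour, dst_host, dst_port). Host names and the
# 203.0.113.0/24 address are documentation/test values, not real targets.
EVENTS = []
for day in range(1, 6):
    EVENTS += [
        (day, 8,  "mail.corp.example", 993),
        (day, 9,  "intranet.corp.example", 443),
        (day, 11, "fileserver.corp.example", 445),
        (day, 14, "intranet.corp.example", 443),
        (day, 17, "mail.corp.example", 993),
    ]
# One constructed off-pattern event: a night-time SSH session to an unseen host.
EVENTS.append((4, 2, "203.0.113.77", 22))


def hour_bucket(hour):
    """Coarsen the hour so time-of-day can take part in patterns."""
    if 6 <= hour < 12:
        return "morning"
    if 12 <= hour < 19:
        return "afternoon"
    return "night"


def event_items(ev):
    """Represent one event as a set of attribute=value items."""
    _day, hour, dst, port = ev
    return frozenset({("when", hour_bucket(hour)), ("dst", dst), ("port", port)})


def frequent_itemsets(events, min_support):
    """Pattern type 1 (assumed): attribute combinations of size 2-3 whose
    support, as a fraction of all events, reaches min_support."""
    counts = Counter()
    for ev in events:
        items = sorted(event_items(ev))
        for k in (2, 3):
            for combo in combinations(items, k):
                counts[frozenset(combo)] += 1
    threshold = min_support * len(events)
    return {s for s, c in counts.items() if c >= threshold}


def frequent_transitions(events, min_days):
    """Pattern type 2 (assumed): consecutive destination pairs within a day
    that recur on at least min_days distinct days."""
    by_day = defaultdict(list)
    for ev in sorted(events):
        by_day[ev[0]].append(ev[2])
    days_seen = defaultdict(set)
    for day, hosts in by_day.items():
        for a, b in zip(hosts, hosts[1:]):
            days_seen[(a, b)].add(day)
    return {t for t, d in days_seen.items() if len(d) >= min_days}


def unexplained_events(events, min_support=0.15, min_days=3):
    """Return the events that no discovered pattern accounts for, i.e. the
    events an investigator would look at first."""
    itemsets = frequent_itemsets(events, min_support)
    transitions = frequent_transitions(events, min_days)
    remaining = []
    prev_dst = {}  # last destination seen per day, for the transition check
    for ev in sorted(events):
        day, _hour, dst, _port = ev
        items = event_items(ev)
        by_pattern = any(s <= items for s in itemsets)
        by_sequence = (prev_dst.get(day), dst) in transitions
        if not (by_pattern or by_sequence):
            remaining.append(ev)
        prev_dst[day] = dst
    return remaining


if __name__ == "__main__":
    print(f"{len(EVENTS)} events, {len(unexplained_events(EVENTS))} unexplained:")
    for ev in unexplained_events(EVENTS):
        print("  ", ev)
```

With these thresholds the 25 routine events are each covered by at least one frequent attribute combination, and only the night-time session to the unseen host remains. In practice the thresholds and the attributes that take part in the patterns are the tuning knobs: too low a support lets a repeated malicious action become "normal", too high a support floods the analyst with routine events.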