
A Holistic Approach to Insider Threat Detection

Berdal, Sondre Johannessen
Master thesis
View/Open
Thesis_sondrejb.pdf (2.548Mb)
Year
2018
Permanent link
http://urn.nb.no/URN:NBN:no-68010

Appears in the following Collection
  • Institutt for informatikk [3604]
Abstract
Insider threats constitute a major problem for many organizations. Traditional security mechanisms, such as intrusion detection systems and firewalls, do not represent optimal solutions for insider threat detection and prevention. That is because insider threats are generally carried out by people who are already trusted, and who possess access to, and knowledge of, important organizational assets. In this thesis, we explore three possible approaches to applying machine learning to classify insider threat behaviors: supervised, unsupervised, and reinforcement learning. We describe the development of an unsupervised machine learning system that aims to detect malicious insider threat activity by analyzing data from different technical sources. The system was developed to be simple and easy to assemble. We tested the performance of this system using existing machine learning algorithms. The results showed that the system was able to detect malicious insider activity with a weak to moderate positive relationship in the training phase, and a negligible positive relationship in the testing phase. The results suggest that, with the system in its current state, we cannot rely solely on this machine learning system for the detection of insider threats. We conclude from these preliminary explorations that machine learning shows some promise as a measure for insider threat detection if used as an adjunct to manual forensics work. To improve the performance of the current system, it seems necessary to add more substance to the selected features, such as file names, e-mail subjects and headers, and the types of websites visited. In addition, the physical security and cybersecurity aspects, as well as psychological and organizational factors, should be addressed when considering the insider threat.
Future research should focus on acquiring real datasets, aggregation of insider threat scenarios and use cases, and testing different machine learning approaches both from technical and non-technical sources.
 
Responsible for this website 
University of Oslo Library


Contact Us 
duo-hjelp@ub.uio.no

