
dc.contributor.author: Berdal, Sondre Johannessen
dc.date.accessioned: 2018-11-28T23:01:39Z
dc.date.available: 2018-11-28T23:01:39Z
dc.date.issued: 2018
dc.identifier.citation: Berdal, Sondre Johannessen. A Holistic Approach to Insider Threat Detection. Master thesis, University of Oslo, 2018
dc.identifier.uri: http://hdl.handle.net/10852/65741
dc.description.abstract [eng]: Insider threats constitute a major problem for many organizations. Traditional security mechanisms, such as intrusion detection systems and firewalls, do not represent optimal solutions for insider threat detection and prevention. That is because insider threats are generally performed by people that are already trusted, and who possess access to, and knowledge of, important organizational assets. In this thesis, we explore three possible approaches to applying machine learning to classify insider threat behaviors; supervised-, unsupervised-, and reinforcement learning. We describe the development of an unsupervised machine learning system that aims to detect malicious insider threat activity by analyzing data from different technical sources. The system was developed to be simple and easy to assemble. By utilizing existing machine learning algorithms we tested the performance of this system. The results showed that the system was able to detect malicious insider activity with a weak to moderate positive relationship in the training phase, and a negligent positive relationship in the testing phase. The results suggest that we cannot solely rely on this machine learning system for the detection of insider threats with the system in its current state. We conclude from these preliminary explorations that machine learning shows some promise as a measure for insider threat detection if used in adjunct to manual forensics work. To improve the performance of the current system, it seems necessary to include more substance to the selected features, such as the name of files, subject and header of e-mail, what type of websites are visited. In addition, the physical security and cybersecurity aspects, as well as psychological, and organizational factors should be addressed when considering the insider threat.
Future research should focus on acquiring real datasets, aggregation of insider threat scenarios and use cases, and testing different machine learning approaches both from technical and non-technical sources.
dc.language.iso: eng
dc.subject: local outlier factor
dc.subject: elliptic envelope
dc.subject: sysmon
dc.subject: supervised learning
dc.subject: machine learning
dc.subject: classification
dc.subject: cybersecurity
dc.subject: unsupervised learning
dc.subject: reinforcement learning
dc.subject: isolation forest
dc.subject: physical security
dc.subject: insider threat
dc.subject: personnel security
dc.title [eng]: A Holistic Approach to Insider Threat Detection
dc.type: Master thesis
dc.date.updated: 2018-11-28T23:01:39Z
dc.creator.author: Berdal, Sondre Johannessen
dc.identifier.urn: URN:NBN:no-68010
dc.type.document: Masteroppgave
dc.identifier.fulltext: Fulltext https://www.duo.uio.no/bitstream/handle/10852/65741/1/Thesis_sondrejb.pdf

