DOI: 10.1145/3627377.3627414

Improved Insider Threat Detection Method of University Cluster System based on Log-Clustering

Published: 04 December 2023

Abstract

To address the low detection accuracy of the log-clustering approach to insider threat detection in university cluster systems, this study proposes an improved log-clustering method for insider threat detection. First, when dividing logs into log sequences, we account for the differences between users: logs are classified by user account, and a sliding window divides each account's logs into labeled log sequences for the subsequent clustering step. Sequences built this way reflect the behavioral pattern differences between users. In addition, in practical deployment the model's output is manually inspected, misjudgments are marked, and the model is iterated on the labeled data to improve its accuracy. Experimental results show that the improved insider threat detection method effectively raises detection accuracy and is better suited to real-world production environments.
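The per-account sequence construction the abstract describes, as an added Python sketch that is not the paper's code: account names, event template ids and the window size are constructed assumptions, and `global_sequences` is the mixed-stream baseline the method improves on.

```python
from collections import Counter, defaultdict

# Constructed sample records (timestamp, account, parsed event template id);
# these are not from the paper.
LOGS = [
    (1, "alice", "E1"), (2, "bob", "E1"), (3, "alice", "E2"), (4, "bob", "E3"),
    (5, "alice", "E2"), (6, "bob", "E3"), (7, "alice", "E4"), (8, "bob", "E3"),
    (9, "bob", "E5"),
]
VOCAB = ["E1", "E2", "E3", "E4", "E5"]  # assumed event template vocabulary


def group_by_account(logs):
    """Step 1: split the raw stream into one time-ordered stream per user account."""
    streams = defaultdict(list)
    for _, account, event in sorted(logs):  # sort by timestamp
        streams[account].append(event)
    return streams


def sliding_windows(events, size, stride):
    """Step 2: cut one stream into fixed-size, possibly overlapping sequences.
    A stream shorter than the window still yields a single (short) sequence
    so that low-activity accounts are not silently dropped."""
    if len(events) < size:
        return [tuple(events)] if events else []
    return [tuple(events[i:i + size])
            for i in range(0, len(events) - size + 1, stride)]


def build_sequences(logs, size=3, stride=1):
    """Labeled sequences (account, window): each window stays tied to its user,
    so clustering learns per-user behaviour rather than a blend of everyone."""
    return [(account, w)
            for account, events in group_by_account(logs).items()
            for w in sliding_windows(events, size, stride)]


def global_sequences(logs, size=3, stride=1):
    """Baseline: windows over the mixed stream interleave different users' events."""
    return sliding_windows([e for _, _, e in sorted(logs)], size, stride)


def count_vector(window, vocab=VOCAB):
    """Event-count feature vector for one sequence, the input to the clustering step."""
    counts = Counter(window)
    return tuple(counts[e] for e in vocab)
```

With the constructed data, the first global window `("E1", "E1", "E2")` already mixes alice and bob, while every per-account window belongs to exactly one user.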


Cited By

  • (2024) Landscape and Taxonomy of Online Parser-Supported Log Anomaly Detection Methods. IEEE Access, 12, 78193-78218. https://doi.org/10.1109/ACCESS.2024.3387287

Published In

ICBDT '23: Proceedings of the 2023 6th International Conference on Big Data Technologies
September 2023
441 pages
ISBN:9798400707667
DOI:10.1145/3627377

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Insider threat detection
  2. Log anomaly detection
  3. Machine learning
  4. University website cluster system
  5. Unsupervised learning

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ICBDT 2023
