Journal name: International Journal of Advances in Engineering and Management
Online ISSN: 2395-5252
Publication year: 2020
Volume: 2
Issue: 7
Pages: 831-835
DOI: 10.35629/5252-0207764778
Language: English
Publisher: IJAEM JOURNAL
Abstract: Early detection of insider threats, despite the large volumes of networked data and the similarity of breach data points to legitimate network activity, remains a viable research area in information security. Conceptualizing network data as stream data helps in applying stream analytics for effective handling of the velocity and volume of data prevalent on most networks nowadays. This study adopted stream data methodologies for characterizing insider threat data, as it is almost impossible to handle all the features in network data: its large size makes it impossible to store, and the speed at which data points are collected makes it impossible to analyze all features at once. More importantly, as attackers continually try to mimic legitimate actions, it is important to treat every new data point with a methodology that accommodates drifts in concepts. This study presents an algorithm for quantized dictionary construction, giving a compressed and concise reference for user command sequences while taking into consideration the feature evolution and concept drift characteristics of stream data. The study recommends the application of stream analytics for tackling the insider threat menace.