Applying Modified K-Nearest Neighbor to Detect Insider Threat in Collaborative Information Systems
Collaborative information systems have attracted a lot of attention recently because they provide all the information in one place. These systems can be used in any scenario where many user roles are defined and a large amount of common information is accessed by them. In such cases there is a large possibility of threats from insiders, because users have access to all the subjects irrespective of their roles. Users may sometimes misuse the system by taking out information for invalid reasons, and such situations are very difficult to avert. The work proposed here provides a way of detecting such anomalous activity by making use of patterns of usage and a modified k-nearest neighbor algorithm. It does not require any type of access control mechanism or extra information about the users or subjects. It depends purely on the access log of the users, which is generated automatically once a user accesses the subjects. The relational patterns of the access logs are analyzed for nearest neighbors in terms of the number of subjects accessed as well as the metainformation related to those subjects. A deviation is calculated for every user, and anomalous users show a larger deviation from their nearest neighbors. The proposed work improves the accuracy of the algorithm by adding a few more parameters, validity and weight, to the calculation of the deviation. The experiments show that detection of anomalous users is more likely with the modified nearest neighbor algorithm.
Aruna Singh, Smita Shukla Patel
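An added illustration of the approach the abstract describes, not code from the paper: each user is profiled by the set of subjects in an access log, and the deviation is the plain or weighted mean Jaccard distance to the k nearest neighbours. The abstract does not define validity or weight, so the formulas used here (validity as a user's mean similarity to its own neighbours, weight as validity / (distance + 0.5)), the Jaccard measure and the sample log are all assumptions, and subject metainformation is left out.

```python
from collections import defaultdict

# Constructed access log of (user, subject) pairs; not data from the paper.
ACCESS_LOG = [
    ("a1", "s1"), ("a1", "s2"), ("a1", "s3"),
    ("a2", "s1"), ("a2", "s2"), ("a2", "s4"),
    ("a3", "s2"), ("a3", "s3"), ("a3", "s4"),
    ("b1", "s5"), ("b1", "s6"), ("b1", "s7"),
    ("b2", "s5"), ("b2", "s6"), ("b2", "s8"),
    ("b3", "s6"), ("b3", "s7"), ("b3", "s8"),
    # "mallory" reads across both groups plus records nobody else touches.
    ("mallory", "s1"), ("mallory", "s5"), ("mallory", "s9"),
    ("mallory", "s10"), ("mallory", "s11"), ("mallory", "s12"),
]

def jaccard_distance(a, b):
    union = a | b
    return 1.0 - len(a & b) / len(union) if union else 0.0

def knn(user, profiles, k):
    """k nearest other users as (distance, name); ties are broken by name."""
    return sorted((jaccard_distance(profiles[user], s), u)
                  for u, s in profiles.items() if u != user)[:k]

def deviations(log, k=3, modified=True):
    profiles = defaultdict(set)
    for user, subject in log:
        profiles[user].add(subject)
    neigh = {u: knn(u, profiles, k) for u in profiles}
    # Assumed validity: mean similarity of a user to its own k neighbours.
    validity = {u: sum(1 - d for d, _ in ns) / max(len(ns), 1)
                for u, ns in neigh.items()}
    scores = {}
    for u, ns in neigh.items():
        # Assumed weight: validity / (distance + 0.5); plain kNN uses weight 1.
        w = [validity[v] / (d + 0.5) if modified else 1.0 for d, v in ns]
        total = sum(w)
        if total == 0:  # no usable weights: fall back to the unweighted mean
            w, total = [1.0] * len(ns), float(len(ns)) or 1.0
        scores[u] = sum(wi * d for wi, (d, _) in zip(w, ns)) / total
    return scores

def ranked(scores):
    """Users sorted from most to least deviant."""
    return sorted(scores.items(), key=lambda kv: -kv[1])

if __name__ == "__main__":
    for label, mod in (("plain kNN", False), ("modified", True)):
        print(label, [(u, round(s, 3)) for u, s in ranked(deviations(ACCESS_LOG, modified=mod))])
```

On this constructed log both variants rank the cross-group user first; the weighted variant discounts low-validity neighbours, which lowers the scores of ordinary users and widens the gap to the outlier.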