Abstract
In an organization, the interactions users have with software leave patterns or traces of the parts of the systems accessed. These interactions can be associated with the underlying software architecture. The first step in detecting problems like insider threat is to detect those traces that are anomalous. Here, we propose a method to find anomalous users leveraging these interaction traces, categorized by user roles. We propose a model based approach to cluster user sequences and find outliers. We show that the approach works on a simulation of a large scale system based on and Amazon Web application style.
Original language | English |
---|---|
Pages | 69-71 |
Number of pages | 3 |
DOIs | |
State | Published - 2016 |
Externally published | Yes |
Event | Symposium and Bootcamp on the Science of Security, HotSos 2016 - Pittsburgh, United States Duration: 19 Apr 2016 → 21 Apr 2016 |
Conference
Conference | Symposium and Bootcamp on the Science of Security, HotSos 2016 |
---|---|
Country/Territory | United States |
City | Pittsburgh |
Period | 19/04/16 → 21/04/16 |
Keywords
- anomaly detection
- model-based graph clustering