Carnegie Mellon University's CERT Dataset Analysis and Suggestions
Seungwoo KIM, Dept. of Security Management and Engineering, Graduate School, Myongji UNIV. 116 Myongji-Ro, Cheoin-Gu, Yongin, Gyonggi-Do, KOREA
KIM Jangju, Dept. of Security Management and Engineering, Graduate School, Myongji UNIV. 116 Myongji-Ro, Cheoin-Gu, Yongin, Gyonggi-Do, KOREA
HA Dongwook, Dept. of Security Management and Engineering, Graduate School, Myongji UNIV. 116 Myongji-Ro, Cheoin-Gu, Yongin, Gyonggi-Do, KOREA
RYU Yeonseung, Dept. of Security Management and Engineering, Graduate School, Myongji UNIV. 116 Myongji-Ro, Cheoin-Gu, Yongin, Gyonggi-Do, KOREA
Carnegie Mellon University in the United States operates the CERT Insider Threat Center. The center has been researching insider threats since 2001 in collaboration with the US Department of Defense, Homeland Security, other federal agencies, intelligence agencies, private industry, academia, and the supplier community. The CERT dataset was developed by the CERT Insider Threat Center to research insider threat problems. The CERT dataset has been used as the bible for detecting insider threat anomalies. In this work, we analyze the CERT dataset and draw up some suggestions. This study can be helpful for researchers who study insider threat problems.
CERT data, Insider threat, log data, Insider threat detection