• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

A study on Classification of Insider threat using Markov Chain Model

Vol. 12, No. 4, April 29, 2018
DOI: 10.3837/tiis.2018.04.027

Abstract

In this paper, a method to classify insider threat activity is introduced. Insider threats are detected through anomalous activity in the procedures performed by a user in an organization. When an anomalous value deviating from the overall behavior appears, we consider it an insider threat and classify the user as a threatening insider. To address this, a Markov Chain Model is employed. The Markov Chain Model gives the next state value through a random variable affected by the previous event. Similarly, for insider threat activity, the current activity can be predicted from the previous activity. We studied a method in which the changes between such states are defined by a transition probability, and anomalies indicating an insider threat are classified through the values of a probability variable. We use the properties of Markov chains to list the behavior of the user over time and to classify which state it belongs to. Sequential data sets were generated according to the influence of n occurrences of the Markov attribute and classified by machine learning algorithms. In the experiment, only 15% of the CERT insider threat dataset was applied, and the result was 97% accuracy except for NaiveBayes. Our research confirmed that the Markov Chain Model can classify insider threats and can be fully utilized for user behavior classification.
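The transition-probability idea in the abstract, as an added sketch that is not code from the paper: it fits an order-n Markov model to baseline activity sequences and scores a new sequence by how improbable its transitions are. Assumptions: the activity names, sequences and threshold are constructed, and the thresholded score stands in for the machine learning classifiers the paper applies to its Markov-derived sequence data.

```python
import math
from collections import Counter, defaultdict

# Constructed sample data (not taken from the CERT dataset).
VOCAB = ["logon", "email", "http", "file", "device", "logoff"]
BASELINE = [
    ["logon", "email", "http", "email", "file", "logoff"],
    ["logon", "http", "email", "file", "email", "logoff"],
    ["logon", "email", "file", "http", "email", "logoff"],
]
NORMAL_DAY = ["logon", "email", "http", "email", "logoff"]
ODD_DAY = ["logon", "device", "file", "device", "file", "logoff"]
THRESHOLD = 1.6  # hypothetical cut-off chosen for this sample data

def fit_transitions(sequences, n=1):
    """Count order-n transitions: (previous n activities) -> next activity."""
    counts = defaultdict(Counter)
    for seq in sequences:
        for i in range(n, len(seq)):
            counts[tuple(seq[i - n:i])][seq[i]] += 1
    return counts

def transition_prob(counts, context, nxt, alpha=1.0):
    """Laplace-smoothed P(next | context), so unseen transitions are not zero."""
    row = counts.get(tuple(context), Counter())
    return (row[nxt] + alpha) / (sum(row.values()) + alpha * len(VOCAB))

def surprise(counts, seq, n=1):
    """Mean negative log-probability per transition; higher means less usual."""
    steps = [(seq[i - n:i], seq[i]) for i in range(n, len(seq))]
    if not steps:
        return 0.0  # sequence too short to contain a transition
    total = sum(math.log(transition_prob(counts, c, x)) for c, x in steps)
    return -total / len(steps)

def classify(counts, seq, n=1, threshold=THRESHOLD):
    """Label a sequence by comparing its surprise score to the threshold."""
    return "anomalous" if surprise(counts, seq, n) > threshold else "normal"

if __name__ == "__main__":
    model = fit_transitions(BASELINE)
    for name, day in (("normal day", NORMAL_DAY), ("odd day", ODD_DAY)):
        print(name, round(surprise(model, day), 3), classify(model, day))
```

Raising `n` makes each prediction depend on more history, at the cost of sparser counts that lean harder on the smoothing term.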




Cite this article

[IEEE Style]
D. Kim, S. Hong, M. Han, "A study on Classification of Insider threat using Markov Chain Model," KSII Transactions on Internet and Information Systems, vol. 12, no. 4, pp. 1887-1898, 2018. DOI: 10.3837/tiis.2018.04.027.

[ACM Style]
Dong-Wook Kim, Sung-Sam Hong, and Myung-Mook Han. 2018. A study on Classification of Insider threat using Markov Chain Model. KSII Transactions on Internet and Information Systems, 12, 4, (2018), 1887-1898. DOI: 10.3837/tiis.2018.04.027.

[BibTeX Style]
@article{tiis:21746, title="A study on Classification of Insider threat using Markov Chain Model", author="Dong-Wook Kim and Sung-Sam Hong and Myung-Mook Han", journal="KSII Transactions on Internet and Information Systems", DOI={10.3837/tiis.2018.04.027}, volume={12}, number={4}, year="2018", month={April}, pages={1887-1898}}