Detecting anomalous insiders in collaborative information systems

IEEE Transactions on Dependable and Secure Computing

Volumn 9, Issue 3, 2012, Pages 332-344

  Chen, You ^a   Nyemba, Steve ^a   Malin, Bradley ^a  

^a VANDERBILT UNIVERSITY MEDICAL CENTER   (United States)

Author keywords

data mining; insider threat detection; Privacy; social network analysis

Indexed keywords

ANOMALY DETECTION; DATA MINING; DATA PRIVACY; DIAGNOSIS; DISTRIBUTED COMPUTER SYSTEMS; ELECTRONIC DOCUMENT EXCHANGE; INFORMATION SYSTEMS; INFORMATION USE; SEMANTICS; SOCIAL NETWORKING (ONLINE);

ANOMALY DETECTION SYSTEMS; COLLABORATIVE ENVIRONMENTS; COLLABORATIVE INFORMATION SYSTEMS; COMMUNITY STRUCTURES; ELECTRONIC HEALTH RECORD(EHR) SYSTEM; HEALTH CARE PROVIDERS; INSIDER THREAT DETECTIONS; SENSITIVE INFORMATIONS;

INFORMATION MANAGEMENT;

EID: 84863381941     PISSN: 15455971     EISSN: None     Source Type: Journal    
DOI: 10.1109/TDSC.2012.11     Document Type: Article

References (56)

1. L.A. Adamic and E. Adar, "Friends and Neighbors on the Web," Social Networks, vol. 25, no. 3, pp. 211-230, 2003. (Pubitemid 36831776)
2. M. Alawneh and I. Abbadi, "Preventing Information Leakage between Collaborating Organisations," Proc. 10th Int'l Conf. Electronic Commerce, pp. 185-194, 2008.
3. V. Bellotti and S. Bly, "Walking Away from the Desktop Computer: Distributed Collaboration and Mobility in a Product Design Team," Proc. ACM Conf. Computer Supported Cooperative Work, pp. 209-218, 1996.
4. F. Benaben, J. Touzi, V. Rajsiri, and H. Pingaud, "Collaborative Information System Design," Proc. Int'l Conf. Assoc. Information and Management, pp. 281-296, 2006.
5. A.A. Boxwala, J. Kim, J.M. Grillo, and L.O. Machado, "Using Statistical and Machine Learning to Help Institutions Detect Suspicious Access to Electronic Health Records," J. Am. Medical Informatics Assoc., vol. 18, pp. 498-505, 2011.
6. J. Byun and N. Li, "Purpose Based Access Control for Privacy Protection in Relational Database Systems," Int'l J. Very Large Data Bases, vol. 17, pp. 603-619, 2008.
7. S. Chakraborty and I. Ray, "TrustBac: Integrating Trust Relationships into the RBAC Model for Access Control in Open Systems," Proc. 11th ACM Symp. Access Control Models and Technologies, pp. 49-58, 2006. (Pubitemid 44300741)
8. H. Chen, F. Wang, and D. Zeng, "Intelligence and Security Informatics for Homeland Security: Information, Communication, and Transportation," IEEE Trans. Intelligent Transportation Systems, vol. 5, no. 4, pp. 329-341, Dec. 2004.
9. H. Chen, D. Zeng, H. Atabakhsh, W. Wyzga, and J. Schroeder, "COPLINK: Managing Law Enforcement Data and Knowledge," Comm. ACM, vol. 46, no. 1, pp. 28-34, 2003.
10. Y. Chen and B. Malin, "Detection of Anomalous Insiders in Collaborative Environments via Relational Analysis of Access Logs," Proc. First ACM Conf. Data and Application Security Security and Privacy, pp. 63-74, 2011.
11. Y. Chen, S. Nyemba, W. Zhang, and B. Malin, "Leveraging Social Networks to Detect Anomalous Insider Actions in Collaborative Environments," Proc. IEEE Ninth Intelligence and Security Informatics, pp. 119-124, 2011.
12. P. Cheng, P. Rohatgi, C. Keser, P.A. Karger, and G.M. Wagner, "Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control," Research Report RC24190 (W0702-085), IBM, 2007.
13. J. Crampton and M. Huth, Towards an Access-Control Framework for Countering Insider Threats. Springer, 2010.
14. W. Eberle and L. Holder, "Applying Graph-Based Anomaly Detection Approaches to the Discovery of Insider Threats," Proc. IEEE Int'l Conf. Intelligence and Security Informatics, pp. 206-208, 2009.
15. L. Eldenburg, N. Soderstrom, V. Willis, and A. Wu, "Behavioral Changes Following the Collaborative Development of an Accounting Information System," Accounting, Organizations and Soc., vol. 35, no. 2, pp. 222-237, 2010.
16. J. George, G. Easton, J. Nunamaker, and G. Northcraft, "A Study of Collaborative Group Work with and without Computer-Based Support," Information Systems Research, vol. 1, no. 4, pp. 394-415, 1990.
17. C. Georgiadis, I. Mavridis, G. Pangalos, and R. Thomas, "Flexible Team-Based Access Control Using Contexts," Proc. Sixth ACM Symp. Access Control Models and Technologies, pp. 21-27, 2001.
18. D. Giuse, "Supporting Communication in an Integrated Patient Record System," Proc. Ann. Symp. Am. Medical Informatics Assoc., p. 1065, 2003.
19. T. Gruber, "Collective Knowledge Systems: Where the Social Web Meets the Semantic Web," J. Web Semantics, vol. 6, no. 1, pp. 4-13, 2007.
20. C. Gunter, D. Liebovitz, and B. Malin, "Experience-Based Access Management: A Life-Cycle Framework for Identity and Access Management Systems," IEEE Security and Privacy Magazine, vol. 9, no. 5, pp. 48-55, Sept./Oct. 2011.
21. S. Hirose, K. Yamanishi, T. Nakata, and R. Fukimaki, "Network Anomaly Detection Based on Eigen Equation Compression," Proc. 15th ACM SIGKDD Int'l Conf. Knowledge Discovery and Data Mining, pp. 1185-1194, 2009.
22. C. Huang, T. Li, H. Wang, and C. Chang, "A Collaborative Support Tool for Creativity Learning: Idea Storming Cube," Proc. IEEE Seventh Int'l Conf. Advanced Learning Technologies, pp. 31-35, 2007.
23. S. Javanmardi and C. Lopes, "Modeling Trust in Collaborative Information Systems," Proc. Int'l Conf. Colla borative Computing: Networking, Applications and Worksharing, pp. 299-302, 2007.
24. R. Kannan, S. Vempala, and A. Vetta, "On Clusterings: Good, Bad and Spectral," J. ACM, vol. 51, no. 3, pp. 497-515, 2004.
25. J. Kim, J. Grillo, A. Boxwala, X. Jiang, R. Mandelbaum, B. Patel, D. Mikels, S. Vinterbo, and L. Ohno-Machado, "Anomaly and Signature Filtering Improve Classifier Performance for Detection of Suspicious Access to EHRs," Proc. Ann. Symp. Am. Medical Informatics Assoc., pp. 723-731, 2011.
26. M. Kuhlmann, D. Shohat, and G. Schimpf, "Role Mining-Revealing Business Roles for Security Administration Using Data Mining Technology," Proc. Eighth ACM Symp. Access Control Models and Technologies, pp. 179-186, 2003.
27. D. Kulkarni and A. Tripathi, "Context-Aware Role-Based Access Control in Pervasive Computing Systems," Proc. 13th ACM Symp. Access Control Models and Technologies, pp. 113-122, 2008.
28. A. Lee and T. Yu, "Towards a Dynamic and Composable Model of Trust," Proc. 14th ACM Symp. Access Control Models and Technologies, pp. 217-226, 2009.
29. J. Leskovec, K. Lang, A. Dasgupta, and M. Mahoney, "Statistical Properties of Community Structure in Large Social and Information Networks," Proc. 17th Int'l Conf. World Wide Web, pp. 695-704, 2008.
30. J. Leskovec, K.J. Lang, A. Dasgupta, and M.W. Mahoney, Community Structure in Large Networks: Natural Cluster Sizes and the Absence of Large Well-Defined Clusters, Computing Research Repository, abs/0810.1355, 2008.
31. Y. Liao and V.R. Vemuri, "Use of k-Nearest Neighbor Classifier for Intrusion Detection," J. Computer Security, vol. 21, no. 5, pp. 439-448, 2002. (Pubitemid 34835644)
32. J. Lotspiech, S. Nusser, and F. Pestoni, "Anonymous Trust: Digital Rights Management Using Broadcast Encryption," Proc. IEEE, vol. 92, no. 6, pp. 898-902, June 2004.
33. B. Malin, S. Nyemba, and J. Paulett, "Learning Relational Policies from Electronic Health Record Access Logs," J. Biomedical Informatics, vol. 44, no. 2, pp. 333-342, 2011.
34. N. Menachemi and R. Brooks, "Reviewing the Benefits and Costs of Electronic Health Records and Associated Patient Safety Technologies," J. Medical Systems, vol. 30, no. 3, pp. 159-168, 2008. (Pubitemid 44060918)
35. I. Molloy, H. Chen, T. Li, Q. Wang, N. Li, E. Bertino, S. Calo, and J. Lobo, "Mining Roles with Semantic Meanings," Proc. 13th ACM Symp. Access Control Models and Technologies, pp. 21-30, 2008.
36. M. Newman, "Properties of Highly Clustered Networks," Physical Rev. E, vol. 68, no. 026121, pp. 1-6, 2003.
37. C.C. Noble and D.J. Cook, "Graph-Based Anomaly Detection," Proc. Ninth ACM SIGKDD Int'l Conf. Knowledge Discovery and Data Mining, pp. 631-636, 2003.
38. J. Park, R. Sandhu, and G. Ahn, "Role-Based Access Control on the Web," ACM Trans. Information System Security, vol. 4, no. 1, pp. 37-71, 2001.
39. M. Peleg, D. Beimel, D. Dori, and Y. Denekamp, "Situation-Based Access Control: Privacy Management via Modeling of Patient Data Access Scenarios," J. Biomedical Informatics, vol. 41, no. 6, pp. 1028-1040, 2008.
40. D. Pokrajac, A. Lazarevic, and L. Latecki, "Incremental Local Outlier Detection for Data Streams," Proc. IEEE Symp. Computational Intelligence and Data Mining, pp. 504-515, 2007. (Pubitemid 47431481)
41. R. Popp, "Countering Terrorism through Information Technology," Comm. ACM, vol. 47, no. 3, pp. 36-43, 2004.
42. C. Probst, R.R. Hansen, and F. Nielson, "Where Can an Insider Attack?," Proc. Workshop Formal Aspects in Security and Trust, pp. 127-142, 2006.
43. L. Røstad and O. Edsberg, "A Study of Access Control Requirements for Healthcare Systems Based on Audit Trails from Access Logs," Proc. 22nd Ann. Computer Security Applications Conf., pp. 175-186, 2006.
44. E. Schultz, "A Framework for Understanding and Predicting Insider Attacks," Computers and Security, vol. 21, no. 6, pp. 526-531, 2002. (Pubitemid 35186246)
45. J. Shi and J. Malik, "Normalized Cuts and Image Segmentation," IEEE Trans. Pattern Analysis and Machine Intelligence, vol. 22, no. 8, pp. 888-905, Aug. 2002.
46. J. Shlens, A Tutorial on Principal Component Analysis, Inst. of Nonlinear Science, Univ. of California, 2005.
47. M. Shyu, S. Chen, K. Sarinnapakorn, and L. Chang, "A Novel Anomaly Detection Scheme Based on Principal Component Classifier," Proc. IEEE Third Foundations and New Directions of Data Mining Workshop, pp. 172-179, 2003.
48. S. Stolfo, S. Bellovin, S. Hershkop, A. Keromytis, S. Sinclair, and S.W. Smith, Insider Attack and Cyber Security: Beyond the Hacker. Springer, 2008.
49. J. Sun, H. Qu, D. Chakrabarti, and C. Faloutsos, "Neighborhood Formation and Anomaly Detection in Bipartite Graph," Proc. IEEE Fifth Int'l Conf. Data Mining, pp. 418-425, 2005. (Pubitemid 47385721)
50. J. Tang, Z. Chen, A. Fu, and D. Cheung, "Enhancing Effectiveness of Outlier Detections for Low Density Patterns," Proc. Sixth Pacific-Asia Conf. Knowledge Discovery and Data Mining, pp. 535-7548, 2002.
51. R. Thomas and S. Sandhu, "Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management," Proc. IFIP 11th Int'l Conf. Database Security, pp. 166-181, 1997.
52. T. Tuglular and E. Spafford, "A Framework for Characterization of Insider Computer Misuse," Unpublished paper, 1997.
53. J. Vaidya, V. Atluri, Q. Guo, and N. Adam, "Migrating to Optimal RBAC with Minimal Perturbation," Proc. 13th ACM Symp. Access Control Models and Techologies, pp. 11-20, 2008.
54. J. Vaidya, V. Atluri, and J. Warner, "Roleminer: Mining Roles Using Subset Enumeration," Proc. 13th ACM Conf. Computer and Comm. Security, pp. 144-153, 2006. (Pubitemid 47131364)
55. L. von Ahn, "Games with a Purpose," Computer, vol. 39, no. 6, pp. 96-98, June 2006.
56. W. Zhang, C. Gunter, D. Liebovitz, J. Tian, and B. Malin, "Role prediction Using Electronic Medical Record System Audits," Proc. Ann. Symp. Am. Medical Informatics Assoc., pp. 858-867, 2011.