Computing Reviews
Data-driven model-based detection of malicious insiders via physical access logs
Cheh C., Thakore U., Fawaz A., Chen B., Temple W., Sanders W. ACM Transactions on Modeling and Computer Simulation 29(4): 1-25, 2019. Type: Article
Date Reviewed: Mar 8 2021

Employees with security clearance will perhaps continue to pose the ultimate security threat to businesses, organizations, and security researchers. What kinds of data and algorithms can be used effectively to monitor and thwart risky employees? Cheh et al. offer some insights for identifying malicious insiders based on recorded physical access logs.

The authors present a framework for representing user actions, from which different models of user behavior are derived from historical data. Two distinct Markov models are used to identify the physical pathways in use at railway transit stations. The security threat model covers users with both legitimate and illegitimate physical access to the station rooms.

The malicious insider detection framework consists of components for discovering “the spatial and temporal properties of user movement behavior,” and then selecting and applying an appropriate model to estimate the likelihood of anomalous access within the railway system blueprint. The framework includes offline and online phases. The offline phase covers the “characterization of users based on their past movement behavior, and construction of models based on users’ characteristics and past movement.” The online phase computes the degree to which new accesses by a user are uncharacteristic.

To evaluate the effectiveness of the advocated framework, the authors use data on the physical card accesses of 590 users to a railway station with 62 rooms. The information on several thousand physical accesses includes date and time, door code, user credential, and access type. The results of the data analysis reveal that the Markov model is effective in forecasting subsequent user movements based on historical physical accesses, and the unique pathways of users are appropriate for discovering regular and irregular movement behavior. The simulation results show the framework’s reliability and competency.
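The offline/online split described above can be made concrete with a small example. The following code is added for this review and is not the authors' code: it fits one first-order Markov model of door-to-door transitions per user from historical badge events (the offline phase), then replays a new day's door sequence through that user's model and flags transitions the user has never made, together with the path's negative log-likelihood (the online phase). The log lines, door codes, credentials, and Laplace smoothing are constructed for illustration; only the field list (date and time, door code, user credential, access type) follows the paper's description of its data set, and the exact record layout is an assumption.

```python
"""Markov-model scoring of badge access logs (added example, not the authors' code).

Offline: fit one first-order Markov model of door-to-door transitions per user
from historical badge events.  Online: replay a new day's path through it and
flag transitions the user has never made.  Log lines, door codes and credentials
are constructed; the field order (timestamp, door, credential, access type)
follows the paper's description, the exact layout is an assumption."""
import math
from collections import defaultdict, namedtuple
from datetime import datetime

Event = namedtuple("Event", "ts door user access")

# Constructed history: U100 goes entrance (D01) -> office (D07) -> equipment
# room (D12) and back on two days; U200 goes entrance -> server room (D20).
HISTORY = """
2019-03-04 08:01:10,D01,U100,GRANTED
2019-03-04 08:03:42,D07,U100,GRANTED
2019-03-04 10:15:00,D12,U100,GRANTED
2019-03-04 10:40:12,D07,U100,GRANTED
2019-03-04 17:02:55,D01,U100,GRANTED
2019-03-05 07:58:31,D01,U100,GRANTED
2019-03-05 08:00:09,D07,U100,GRANTED
2019-03-05 11:20:47,D12,U100,GRANTED
2019-03-05 11:55:03,D07,U100,GRANTED
2019-03-05 16:45:20,D01,U100,GRANTED
2019-03-04 09:00:00,D01,U200,GRANTED
2019-03-04 09:03:00,D20,U200,DENIED
2019-03-04 09:04:11,D20,U200,GRANTED
2019-03-04 15:30:00,D01,U200,GRANTED
"""

# Constructed test day: U100 badges into the server room, a door never used before.
TEST_DAY = """
2019-03-07 08:02:00,D01,U100,GRANTED
2019-03-07 08:04:30,D07,U100,GRANTED
2019-03-07 13:12:08,D20,U100,GRANTED
2019-03-07 17:00:45,D01,U100,GRANTED
"""

def parse_log(text):
    """Parse comma-separated badge events; blank lines are skipped."""
    events = []
    for line in text.strip().splitlines():
        if line.strip():
            ts, door, user, access = (f.strip() for f in line.split(","))
            events.append(Event(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), door, user, access))
    return events

def daily_paths(events):
    """Group GRANTED events, in time order, into one door path per (user, day).
    A denied swipe does not move the user, so it is kept out of the path."""
    paths = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.access == "GRANTED":
            paths[(ev.user, ev.ts.date())].append(ev.door)
    return paths

class MarkovModel:
    """First-order Markov chain over doors with additive (Laplace) smoothing."""
    def __init__(self, doors, alpha=0.1):
        self.doors = sorted(doors)  # every door in the station blueprint
        self.alpha = alpha          # pseudo-count keeping unseen transitions > 0
        self.counts = {}            # from_door -> {to_door: n}

    def fit(self, paths):
        for path in paths:
            for a, b in zip(path, path[1:]):
                row = self.counts.setdefault(a, {})
                row[b] = row.get(b, 0) + 1
        return self

    def count(self, a, b):
        return self.counts.get(a, {}).get(b, 0)

    def prob(self, a, b):
        row = self.counts.get(a, {})
        return (row.get(b, 0) + self.alpha) / (sum(row.values()) + self.alpha * len(self.doors))

def fit_user_models(events, alpha=0.1):
    """Offline phase: one smoothed Markov model per user from that user's daily paths."""
    doors = {ev.door for ev in events}
    per_user = defaultdict(list)
    for (user, _day), path in daily_paths(events).items():
        per_user[user].append(path)
    return {u: MarkovModel(doors, alpha).fit(ps) for u, ps in per_user.items()}

def score_path(model, path):
    """Online phase: negative log-likelihood of a path and its never-seen transitions."""
    nll, unseen = 0.0, []
    for a, b in zip(path, path[1:]):
        p = model.prob(a, b)
        nll -= math.log(p)
        if model.count(a, b) == 0:
            unseen.append((a, b, round(p, 4)))
    return nll, unseen
```

Fitting `fit_user_models(parse_log(HISTORY))` and scoring the `TEST_DAY` path for U100 flags the two transitions into and out of D20 and yields a negative log-likelihood roughly three times that of the user's routine day. Two caveats matter in practice: a door the user has never badged at gives a uniform, uninformative smoothed row (which is why the raw zero-count check is kept alongside the probability), and a credential with no history at all should be surfaced on its own rather than silently skipped.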

The authors present accurate and efficient algorithms for detecting normal and abnormal access to physical computer rooms and resources. System administrators and cybersecurity experts should read this insightful paper.

Reviewer: Amos Olagunju. Review #: CR147207 (2106-0151)
Security and Protection (C.2.0 ...)
Real-Time and Embedded Systems (C.3 ...)
General (C.0)
Computer Systems Organization (C)