Weak models for insider threat detection

Paul Thompson

doi:10.1117/12.548178

15 September 2004 Weak models for insider threat detection

Paul Thompson

Proceedings Volume 5403, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense III; (2004) https://doi.org/10.1117/12.548178
Event: Defense and Security, 2004, Orlando, Florida, United States

Abstract

This paper describes the design for a content-based approach to detecting insider misuse by an analyst producing reports in an environment supported by a document control system. The approach makes use of Hidden Markov Models to represent stages in the Evidence-Based Intelligence Analysis Process Model (EBIAPM). This approach is seen as a potential application for the Process Query System / Tracking and Fusion Engine (PQS/TRAFEN). Actions taken by the insider are viewed as processes that can be detected in PQS/TRAFEN. Text categorization of the content of analyst's queries, documents accessed, and work product are used to disambiguate multiple EBIAPM processes.

Citation Download Citation

Paul Thompson "Weak models for insider threat detection", Proc. SPIE 5403, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense III, (15 September 2004); https://doi.org/10.1117/12.548178

ACCESS THE FULL ARTICLE

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available