Detection of Insider Threat Activities: A Data Analysis Approach
Time: Tuesday, July 24, 6:30pm - 8:30pm
Description: The insider threat against any organization's intellectual property and interests has become the prime cyber-security concern for public and private organizations. To detect and predict insider-threat problems, many scholars have put forward technical, social or socio-technical approaches, relying on linguistic and sentiment analysis. While these approaches may help us better understand the motivations behind insider threats and bring about more efficient and closer monitoring through the development of user profiles from certain cyber cues, in this work we present a new direction to address this problem. With test data collected from Enron emails as well as testbed data, we use a machine learning approach to identify insider threats by analyzing texts. We can use the Natural Language Toolkit (NLTK) for sentiment analysis, Netlytic for word cloud analysis and Gephi for social network analysis. Meanwhile, we implement the Median Absolute Deviation (MAD) method to identify cases where the threat level of a given person would be considered an outlier compared to those of the other peers being profiled.
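The MAD outlier step described above can be sketched as follows. This is an added example, not the authors' code: the per-user threat levels are constructed sample values, and the 0.6745 scaling, the 3.5 cutoff and the mean-absolute-deviation fallback for a zero MAD are common conventions assumed here, not details taken from the abstract.

```python
from statistics import mean, median

# Assumed constants (not from the abstract): 0.6745 rescales the MAD so the
# score is comparable to a standard z-score under normality; 3.5 is the
# cutoff commonly used with the modified z-score.
MAD_SCALE = 0.6745
MEANAD_SCALE = 1.253314
THRESHOLD = 3.5


def modified_z_scores(levels):
    """Return {user: modified z-score} for a {user: threat level} mapping."""
    values = list(levels.values())
    med = median(values)
    abs_dev = [abs(v - med) for v in values]
    mad = median(abs_dev)
    if mad > 0:
        return {u: MAD_SCALE * (v - med) / mad for u, v in levels.items()}
    # MAD is 0 when more than half of the peers share one value; fall back
    # to the mean absolute deviation so the remaining users are still scored.
    mean_ad = mean(abs_dev)
    if mean_ad == 0:
        return {u: 0.0 for u in levels}  # all peers identical: no outliers
    return {u: (v - med) / (MEANAD_SCALE * mean_ad) for u, v in levels.items()}


def flag_outliers(levels, threshold=THRESHOLD):
    """Users whose threat level is unusually high relative to their peers."""
    scores = modified_z_scores(levels)
    return sorted(u for u, z in scores.items() if z > threshold)


# Constructed sample: per-user threat levels on an arbitrary 0-1 scale.
SAMPLE_LEVELS = {
    "user_a": 0.12, "user_b": 0.15, "user_c": 0.10, "user_d": 0.14,
    "user_e": 0.11, "user_f": 0.13, "user_g": 0.16, "user_h": 0.71,
}

if __name__ == "__main__":
    for user, z in sorted(modified_z_scores(SAMPLE_LEVELS).items()):
        print(f"{user}: {z:+.2f}")
    print("flagged:", flag_outliers(SAMPLE_LEVELS))
```

Because the median and MAD are barely moved by a single extreme value, one high-scoring user does not inflate the baseline the way it would with a mean and standard deviation.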