
Proceedings Paper

Framework for behavioral analytics in anomaly identification
Author(s): Maroun Touma; Elisa Bertino; Brian Rivera; Dinesh Verma; Seraphin Calo

Paper Abstract

Behavioral Analytics (BA) relies on digital breadcrumbs to build user profiles and to cluster entities that exhibit a large degree of similarity. The prevailing assumption is that an entity will assimilate the group behavior of the cluster it belongs to. Our understanding of BA and its application in different domains continues to evolve, driven by the growing interest in Machine Learning research. When trying to detect security threats, we use BA techniques to identify anomalies, defined in this paper as deviations from the group behavior. Early research papers in this field report a high number of false positives: a security alert is triggered by a deviation from the cluster's learned behavior even though the activity is still within what the system defines as acceptable behavior. Further, domain-specific security policies tend to be narrow and inadequately represent what an entity can do. Hence they: a) limit the amount of useful data during the learning phase; and b) lead to policy violations during the execution phase. In this paper, we propose a framework for future research on the role of policies and behavioral security in a coalition setting, with emphasis on anomaly detection and an individual's deviation from group activities.
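The two failure modes the abstract names (a deviation from the cluster's learned behavior that is still within policy, and a policy so narrow that ordinary group behavior violates it) can be made concrete with a small triage routine. The following is an added illustrative example written for this page, not code from the paper or its authors' framework: the activity profiles, the cluster membership, the policy limits, the robust-z threshold and the MAD floor are all constructed. Deviation from the group is measured per feature as distance from the cluster median in units of the median absolute deviation, and an alert is raised only when that deviation also breaches the cluster's policy; deviation within policy and policy violation without deviation are reported as their own classes so they can be handled differently from a true anomaly.

```python
"""Behavioral-analytics triage: score each entity's deviation from its
cluster's learned behavior, then check that deviation against the security
policy for the cluster before raising an alert.

Added illustrative example, not code from the paper. Profiles, cluster
membership, policy limits and thresholds are all constructed.
"""
from statistics import median

FEATURES = ("logins", "files_read", "hosts_contacted")

# Constructed per-entity daily activity profiles, one vector per entity.
PROFILES = {
    "alice": (3, 40, 2),
    "bob":   (4, 35, 2),
    "carol": (2, 45, 3),    # one host more than the (narrow) policy allows
    "dave":  (3, 38, 2),
    "erin":  (1, 400, 2),   # reads ten times more files than her peers
    "frank": (3, 42, 40),   # contacts far more hosts than his peers
    "grace": (3, 30, 2),
}

# Constructed cluster membership; a real system would obtain this from a
# clustering step over the profiles.
CLUSTERS = {"analysts": list(PROFILES)}

# Constructed, deliberately narrow policy: per-cluster upper bounds per feature.
POLICY = {"analysts": {"logins": 10, "files_read": 500, "hosts_contacted": 2}}

DEVIATION_THRESHOLD = 5.0   # robust z-score above which a feature "deviates"
MAD_FLOOR = 1.0             # avoids division by zero when the MAD is 0


def cluster_stats(members):
    """Per-feature (median, MAD) over the cluster: its learned behavior."""
    stats = {}
    for i, name in enumerate(FEATURES):
        values = [PROFILES[m][i] for m in members]
        med = median(values)
        mad = median(abs(v - med) for v in values)
        stats[name] = (med, max(mad, MAD_FLOOR))
    return stats


def deviation_scores(profile, stats):
    """Robust z-score of each feature relative to the cluster's median/MAD."""
    return {name: abs(profile[i] - stats[name][0]) / stats[name][1]
            for i, name in enumerate(FEATURES)}


def policy_violations(profile, limits):
    """Names of the features whose value exceeds the policy's upper bound."""
    return [name for i, name in enumerate(FEATURES) if profile[i] > limits[name]]


def triage(entity, cluster):
    """Combine behavioral deviation with the policy check.

    Returns (verdict, deviating_features, violated_features), where verdict is
      'alert'                    deviates from peers AND breaches policy
      'deviation_within_policy'  deviates from peers but policy allows it
                                 (the false-positive class the abstract describes)
      'policy_violation'         breaches policy while behaving like its peers
                                 (a symptom of a policy narrower than real work)
      'normal'                   neither
    """
    profile = PROFILES[entity]
    scores = deviation_scores(profile, cluster_stats(CLUSTERS[cluster]))
    deviating = [f for f, s in scores.items() if s > DEVIATION_THRESHOLD]
    violated = policy_violations(profile, POLICY[cluster])
    if deviating and violated:
        verdict = "alert"
    elif deviating:
        verdict = "deviation_within_policy"
    elif violated:
        verdict = "policy_violation"
    else:
        verdict = "normal"
    return verdict, deviating, violated


def triage_all():
    """Triage every entity in every cluster; returns entity -> triage tuple."""
    return {e: triage(e, c) for c, members in CLUSTERS.items() for e in members}


if __name__ == "__main__":
    for entity, (verdict, dev, viol) in triage_all().items():
        print(f"{entity:6s} {verdict:24s} deviating={dev} violated={viol}")
```

On the constructed data, erin's 400 file reads are a large deviation from her cluster (median 40, MAD 5) yet under the policy's limit of 500, so a pure deviation detector would alert on her while the combined triage only records a deviation within policy; frank's 40 contacted hosts both deviate from the cluster and exceed the policy, so he is the one genuine alert; carol's three hosts are behaviorally unremarkable but exceed a limit of two, which is the "narrow policy leads to violations" case. Median and MAD are used rather than mean and standard deviation so that the outliers themselves do not inflate the cluster's learned spread.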

Paper Details

Date Published: 4 May 2017
PDF: 10 pages
Proc. SPIE 10190, Ground/Air Multisensor Interoperability, Integration, and Networking for Persistent ISR VIII, 101900H (4 May 2017); doi: 10.1117/12.2266374
Author Affiliations:
Maroun Touma, IBM Thomas J. Watson Research Ctr. (United States)
Elisa Bertino, Purdue Univ. (United States)
Brian Rivera, U.S. Army Research Lab. (United States)
Dinesh Verma, IBM Thomas J. Watson Research Ctr. (United States)
Seraphin Calo, IBM Thomas J. Watson Research Ctr. (United States)


Published in SPIE Proceedings Vol. 10190:
Ground/Air Multisensor Interoperability, Integration, and Networking for Persistent ISR VIII
Tien Pham; Michael A. Kolodny, Editor(s)

© SPIE.