A joint project of the Graduate School, Peabody College, and the Jean & Alexander Heard Library

Title page for ETD etd-03152016-201532

Type of Document Dissertation
Author Zhang, Wen
Author's Email Address waynezhang86@gmail.com
URN etd-03152016-201532
Title Learning from Access Log to Mitigate Insider Threats
Degree PhD
Department Computer Science
Advisory Committee
Advisor Name Title
Bradley Malin Committee Chair
Carl Gunter Committee Member
Gautam Biswas Committee Member
Jules White Committee Member
Yuan Xue Committee Member
  • privacy
  • data mining
  • audit
  • access control
Date of Defense 2015-12-09
Availability unrestricted
As the quantity of data collected, stored, and processed in information systems has grown, so too have insider threats. This type of threat is realized when authorized individuals misuse their privileges to violate privacy or security policies. Over the past several decades, various technologies have been introduced to mitigate the insider threat, which can be roughly partitioned into two categories: 1) prospective and 2) retrospective. Prospective technologies are designed to specify and manage a user’s rights, such that misuse can be detected and prevented before it transpires. Conversely, retrospective technologies permit users to invoke privileges aim, but investigate the legitimacy of such actions after the fact.

Despite the existence of such strategies, administrators need to answer several critical questions to put them into practice. First, given a specific circumstance, which type of strategy (i.e., prospective vs. retrospective) should be adopted? Second, given the type of strategy, which is the best approach to support it in an operational manner? Existing approaches addressing them neglect that the data captured by information systems may be able to inform the decision making. As such, the overarching goal of this dissertation is to investigate how best to answer these questions using data-driven approaches.

This dissertation makes three technical contributions. The first contribution is in the introduction of a novel approach to quantify tradeoffs for prospective and retrospective strategies, under which each strategy is translated into a classification model, whereby the misclassification costs for each model are compared to facilitate decision support. This dissertation then introduces several data-driven approaches to realize the strategies. The second contribution is for prospective strategies, with a specific focus on role-based access control (RBAC). This dissertation introduces an approach to evolve an existing RBAC based on evidence in an access log, which relies on a strategy to promote roles from candidates. The third contribution is for retrospective strategies, whereby this dissertation introduces an auditing framework that can leverage workflow information to facilitate misuse detection. These methods are empirically validated in three months of access log (million accesses) derived from a real-world information system.

  Filename       Size       Approximate Download Time (Hours:Minutes:Seconds) 
 28.8 Modem   56K Modem   ISDN (64 Kb)   ISDN (128 Kb)   Higher-speed Access 
  Zhang.pdf 1.47 Mb 00:06:49 00:03:30 00:03:04 00:01:32 00:00:07

Browse All Available ETDs by ( Author | Department )

If you have more questions or technical problems, please Contact LITS.