Show simple item record

Learning from Access Log to Mitigate Insider Threats

dc.creatorZhang, Wen
dc.date.accessioned2020-08-21T21:10:28Z
dc.date.available2016-03-17
dc.date.issued2016-03-17
dc.identifier.urihttps://etd.library.vanderbilt.edu/etd-03152016-201532
dc.identifier.urihttp://hdl.handle.net/1803/10799
dc.description.abstractAs the quantity of data collected, stored, and processed in information systems has grown, so too have insider threats. This type of threat is realized when authorized individuals misuse their privileges to violate privacy or security policies. Over the past several decades, various technologies have been introduced to mitigate the insider threat, which can be roughly partitioned into two categories: 1) prospective and 2) retrospective. Prospective technologies are designed to specify and manage a user’s rights, such that misuse can be detected and prevented before it transpires. Conversely, retrospective technologies permit users to invoke privileges aim, but investigate the legitimacy of such actions after the fact. Despite the existence of such strategies, administrators need to answer several critical questions to put them into practice. First, given a specific circumstance, which type of strategy (i.e., prospective vs. retrospective) should be adopted? Second, given the type of strategy, which is the best approach to support it in an operational manner? Existing approaches addressing them neglect that the data captured by information systems may be able to inform the decision making. As such, the overarching goal of this dissertation is to investigate how best to answer these questions using data-driven approaches. This dissertation makes three technical contributions. The first contribution is in the introduction of a novel approach to quantify tradeoffs for prospective and retrospective strategies, under which each strategy is translated into a classification model, whereby the misclassification costs for each model are compared to facilitate decision support. This dissertation then introduces several data-driven approaches to realize the strategies. The second contribution is for prospective strategies, with a specific focus on role-based access control (RBAC). This dissertation introduces an approach to evolve an existing RBAC based on evidence in an access log, which relies on a strategy to promote roles from candidates. The third contribution is for retrospective strategies, whereby this dissertation introduces an auditing framework that can leverage workflow information to facilitate misuse detection. These methods are empirically validated in three months of access log (million accesses) derived from a real-world information system.
dc.format.mimetypeapplication/pdf
dc.subjectprivacy
dc.subjectdata mining
dc.subjectaudit
dc.subjectaccess control
dc.titleLearning from Access Log to Mitigate Insider Threats
dc.typedissertation
dc.contributor.committeeMemberCarl Gunter
dc.contributor.committeeMemberJules White
dc.contributor.committeeMemberYuan Xue
dc.contributor.committeeMemberGautam Biswas
dc.type.materialtext
thesis.degree.namePHD
thesis.degree.leveldissertation
thesis.degree.disciplineComputer Science
thesis.degree.grantorVanderbilt University
local.embargo.terms2016-03-17
local.embargo.lift2016-03-17
dc.contributor.committeeChairBradley Malin


Files in this item

Icon

This item appears in the following Collection(s)

Show simple item record