Abstract

Collaborative information systems (CISs) are deployed within a diverse array of environments that manage sensitive information. Current security mechanisms detect insider threats, but they are ill-suited to monitor systems in which users function in dynamic teams. In this paper, we introduce the community anomaly detection system (CADS), an unsupervised learning framework to detect insider threats based on the access logs of collaborative environments. The framework is based on the observation that typical CIS users tend to form community structures based on the subjects accessed (e.g., patients' records viewed by healthcare providers). CADS consists of two components: 1) relational pattern extraction, which derives community structures and 2) anomaly prediction, which leverages a statistical model to determine when users have sufficiently deviated from communities. We further extend CADS into MetaCADS to account for the semantics of subjects (e.g., patients' diagnoses). To empirically evaluate the framework, we perform an assessment with three months of access logs from a real electronic health record (EHR) system in a large medical center. The results illustrate our models exhibit significant performance gains over state-of-the-art competitors. When the number of illicit users is low, MetaCADS is the best model, but as the number grows, commonly accessed semantics lead to hiding in a crowd, such that CADS is more prudent.

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Detection of Anomalous Insiders in Collaborative Environments via Relational Analysis of Access Logs.
You Chen ... Bradley Malin
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy | VOL. 2011
You Chen, et. al.You Chen ... Bradley Malin
21 Feb 2011
Medical Student Use of Electronic and Paper Health Records During Inpatient Clinical Clerkships: Results of a National Longitudinal Study.
Lauren M Foster ... David B Swanson
Academic medicine : journal of the Association of American Medical Colleges | VOL. 93
Lauren M Foster, et. al.Lauren M Foster ... David B Swanson
01 Nov 2018
Specializing network analysis to detect anomalous insider actions
You Chen ... Steve Nyemba
Security Informatics | VOL. 1
You Chen, et. al.You Chen ... Steve Nyemba
27 Feb 2012
Perceptions of hospital electronic health record (EHR) training, support, and patient safety by staff position and tenure
Joanne Campione ... Helen Liu
BMC Health Services Research | VOL. 24
Joanne Campione, et. al.Joanne Campione ... Helen Liu
20 Aug 2024
View more papers

More From: IEEE Transactions on Dependable and Secure Computing

Paper Title
Journal
Date
Author
IMIH: Imperceptible Medical Image Hiding for Secure Healthcare
Ping Ping ... Pan Wei
IEEE Transactions on Dependable and Secure Computing | VOL. 21
Ping Ping, et. al.Ping Ping ... Pan Wei
01 Sep 2024
Sine: Similarity is Not Enough for Mitigating Local Model Poisoning Attacks in Federated Learning
Harsh Kasyap ... Somanath Tripathy
IEEE Transactions on Dependable and Secure Computing | VOL. 21
Harsh Kasyap, et. al.Harsh Kasyap ... Somanath Tripathy
01 Sep 2024
Concise RingCT Protocol Based on Linkable Threshold Ring Signature
Junke Duan ... Xiaoya Hu
IEEE Transactions on Dependable and Secure Computing | VOL. 21
Junke Duan, et. al.Junke Duan ... Xiaoya Hu
01 Sep 2024
MicroFI: Non-Intrusive and Prioritized Request-Level Fault Injection for Microservice Applications
Hongyang Chen ... Zilong He
IEEE Transactions on Dependable and Secure Computing | VOL. 21
Hongyang Chen, et. al.Hongyang Chen ... Zilong He
01 Sep 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.