Faculty Advisor

Shue, Craig A.

Abstract

The insider threat is one of the most difficult problems in information security. Prior research addresses its detection by using machine learning techniques to profile user behavior. User behavior is represented as low level system events, which do not provide sufficient contextual information about the user's intentions, and lead to high error rates. Our system uses video of a user's sessions as the representation of their behavior, and detects moments during which they perform sensitive tasks. Analysis of the video is accomplished using OCR, scene detection algorithms, and basic text classification. The system outputs the results to a web interface, and our results show that using desktop imagery is a viable alternative to using system calls for insider threat detection.

Publisher

Worcester Polytechnic Institute

Date Accepted

December 2012

Major

Computer Science

Project Type

Major Qualifying Project

Accessibility

Unrestricted

Advisor Department

Computer Science

Share

COinS