Insider threats: Identifying anomalous human behaviour in heterogeneous systems using beneficial intelligent software (Ben-ware)

Andrew Stephen McGough; David Wall; John Brennan; Georgios Theodoropoulos; Ed Ruck-Keene; Budi Arief; Carl Gamble; John Fitzgerald; Aad Van Moorsel; Sujeewa Alwis

doi:10.1145/2808783.2808785

Insider threats: Identifying anomalous human behaviour in heterogeneous systems using beneficial intelligent software (Ben-ware)

Andrew Stephen McGough
, David Wall
, John Brennan
, Georgios Theodoropoulos
, Ed Ruck-Keene
, Budi Arief
, Carl Gamble
, John Fitzgerald
, Aad Van Moorsel
, Sujeewa Alwis

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In this paper, we present the concept of "Ben-ware" as a beneficial software system capable of identifying anomalous human behaviour within a 'closed' organisation's IT infrastructure. We note that this behaviour may be malicious (for example, an employee is seeking to act against the best interest of the organisation by stealing confidential information) or benign (for example, an employee is applying some workaround to complete their job). To help distinguish between users who are intentionally malicious and those who are benign, we use human behaviour modelling along with Artificial Intelligence. Ben-ware has been developed as a distributed system comprising of probes for data collection, intermediate nodes for data routing and higher nodes for data analysis. This allows for real-time analysis with low impact on the overall infrastructure, which may contain legacy and low-power resources. We present an analysis of the appropriateness of the Ben-ware system for deployment within a large closed organisation, comprising of both new and legacy hardware, to protect its essential information. This analysis is performed in terms of the memory footprint, disk footprint and processing requirements of the different parts of the system.

Original language	English
Title of host publication	MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015
Publisher	Association for Computing Machinery
Pages	1-12
Number of pages	12
ISBN (Electronic)	9781450338240
DOIs	https://doi.org/10.1145/2808783.2808785
Publication status	Published - 16 Oct 2015
Event	7th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2015 - Denver, United States Duration: 12 Oct 2015 → …

Publication series

Name	MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015

Conference

Conference	7th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2015
Country/Territory	United States
City	Denver
Period	12/10/15 → …

Bibliographical note

Publisher Copyright:
© 2015 ACM.

Keywords

Anomalous behavior
Artificial intelligence
Assistive tool
Detection
Ethics
Human behaviour
Insider threats

ASJC Scopus subject areas

Information Systems
Computer Science Applications

Access to Document

10.1145/2808783.2808785

Cite this

McGough, A. S., Wall, D., Brennan, J., Theodoropoulos, G., Ruck-Keene, E., Arief, B., Gamble, C., Fitzgerald, J., Van Moorsel, A., & Alwis, S. (2015). Insider threats: Identifying anomalous human behaviour in heterogeneous systems using beneficial intelligent software (Ben-ware). In MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015 (pp. 1-12). (MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015). Association for Computing Machinery . https://doi.org/10.1145/2808783.2808785

McGough, Andrew Stephen ; Wall, David ; Brennan, John et al. / Insider threats : Identifying anomalous human behaviour in heterogeneous systems using beneficial intelligent software (Ben-ware). MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015. Association for Computing Machinery , 2015. pp. 1-12 (MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015).

@inproceedings{7e368b800d874bc788f9218c5ea2ffcb,

title = "Insider threats: Identifying anomalous human behaviour in heterogeneous systems using beneficial intelligent software (Ben-ware)",

abstract = "In this paper, we present the concept of {"}Ben-ware{"} as a beneficial software system capable of identifying anomalous human behaviour within a 'closed' organisation's IT infrastructure. We note that this behaviour may be malicious (for example, an employee is seeking to act against the best interest of the organisation by stealing confidential information) or benign (for example, an employee is applying some workaround to complete their job). To help distinguish between users who are intentionally malicious and those who are benign, we use human behaviour modelling along with Artificial Intelligence. Ben-ware has been developed as a distributed system comprising of probes for data collection, intermediate nodes for data routing and higher nodes for data analysis. This allows for real-time analysis with low impact on the overall infrastructure, which may contain legacy and low-power resources. We present an analysis of the appropriateness of the Ben-ware system for deployment within a large closed organisation, comprising of both new and legacy hardware, to protect its essential information. This analysis is performed in terms of the memory footprint, disk footprint and processing requirements of the different parts of the system.",

keywords = "Anomalous behavior, Artificial intelligence, Assistive tool, Detection, Ethics, Human behaviour, Insider threats",

author = "McGough, \{Andrew Stephen\} and David Wall and John Brennan and Georgios Theodoropoulos and Ed Ruck-Keene and Budi Arief and Carl Gamble and John Fitzgerald and \{Van Moorsel\}, Aad and Sujeewa Alwis",

note = "Publisher Copyright: {\textcopyright} 2015 ACM.; 7th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2015 ; Conference date: 12-10-2015",

year = "2015",

month = oct,

day = "16",

doi = "10.1145/2808783.2808785",

language = "English",

series = "MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015",

publisher = "Association for Computing Machinery ",

pages = "1--12",

booktitle = "MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015",

}

McGough, AS, Wall, D, Brennan, J, Theodoropoulos, G, Ruck-Keene, E, Arief, B, Gamble, C, Fitzgerald, J, Van Moorsel, A & Alwis, S 2015, Insider threats: Identifying anomalous human behaviour in heterogeneous systems using beneficial intelligent software (Ben-ware). in MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015. MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015, Association for Computing Machinery , pp. 1-12, 7th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2015, Denver, United States, 12/10/15. https://doi.org/10.1145/2808783.2808785

Insider threats: Identifying anomalous human behaviour in heterogeneous systems using beneficial intelligent software (Ben-ware). / McGough, Andrew Stephen; Wall, David; Brennan, John et al.
MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015. Association for Computing Machinery , 2015. p. 1-12 (MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Insider threats

T2 - 7th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2015

AU - McGough, Andrew Stephen

AU - Wall, David

AU - Brennan, John

AU - Theodoropoulos, Georgios

AU - Ruck-Keene, Ed

AU - Arief, Budi

AU - Gamble, Carl

AU - Fitzgerald, John

AU - Van Moorsel, Aad

AU - Alwis, Sujeewa

PY - 2015/10/16

Y1 - 2015/10/16

N2 - In this paper, we present the concept of "Ben-ware" as a beneficial software system capable of identifying anomalous human behaviour within a 'closed' organisation's IT infrastructure. We note that this behaviour may be malicious (for example, an employee is seeking to act against the best interest of the organisation by stealing confidential information) or benign (for example, an employee is applying some workaround to complete their job). To help distinguish between users who are intentionally malicious and those who are benign, we use human behaviour modelling along with Artificial Intelligence. Ben-ware has been developed as a distributed system comprising of probes for data collection, intermediate nodes for data routing and higher nodes for data analysis. This allows for real-time analysis with low impact on the overall infrastructure, which may contain legacy and low-power resources. We present an analysis of the appropriateness of the Ben-ware system for deployment within a large closed organisation, comprising of both new and legacy hardware, to protect its essential information. This analysis is performed in terms of the memory footprint, disk footprint and processing requirements of the different parts of the system.

AB - In this paper, we present the concept of "Ben-ware" as a beneficial software system capable of identifying anomalous human behaviour within a 'closed' organisation's IT infrastructure. We note that this behaviour may be malicious (for example, an employee is seeking to act against the best interest of the organisation by stealing confidential information) or benign (for example, an employee is applying some workaround to complete their job). To help distinguish between users who are intentionally malicious and those who are benign, we use human behaviour modelling along with Artificial Intelligence. Ben-ware has been developed as a distributed system comprising of probes for data collection, intermediate nodes for data routing and higher nodes for data analysis. This allows for real-time analysis with low impact on the overall infrastructure, which may contain legacy and low-power resources. We present an analysis of the appropriateness of the Ben-ware system for deployment within a large closed organisation, comprising of both new and legacy hardware, to protect its essential information. This analysis is performed in terms of the memory footprint, disk footprint and processing requirements of the different parts of the system.

KW - Anomalous behavior

KW - Artificial intelligence

KW - Assistive tool

KW - Detection

KW - Ethics

KW - Human behaviour

KW - Insider threats

UR - https://www.scopus.com/pages/publications/84954316616

U2 - 10.1145/2808783.2808785

DO - 10.1145/2808783.2808785

M3 - Conference contribution

AN - SCOPUS:84954316616

T3 - MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015

SP - 1

EP - 12

BT - MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015

PB - Association for Computing Machinery

Y2 - 12 October 2015

ER -

McGough AS, Wall D, Brennan J, Theodoropoulos G, Ruck-Keene E, Arief B et al. Insider threats: Identifying anomalous human behaviour in heterogeneous systems using beneficial intelligent software (Ben-ware). In MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015. Association for Computing Machinery . 2015. p. 1-12. (MIST 2015 - Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, co-located with CCS 2015). doi: 10.1145/2808783.2808785

Insider threats: Identifying anomalous human behaviour in heterogeneous systems using beneficial intelligent software (Ben-ware)

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this