Security Lab Seminar
Sept. 4, 2002
1:30 pm

Yihua Liao

"Machine Learning Techniques for Mitigating Insider Threat"

Insiders constitute the greatest threat to an information system's security. User profiling is an important technique for detecting an insider's misuse. We present our preliminary results with the Windows NT user profiling data.

Furthermore, we propose FMIT, a framework for mitigating the insider threat. FMIT employs machine learning techniques to adaptively learn user behavior profiles in real time. Meanwhile, user interests are inferred from a user's Web activities, which in turn can help the security officers understand a user's behavior and infer his or her intent. FMIT overcomes the drawbacks of many previous user profiling systems and provides a new observable for understanding user behavior.