Abstract
Malicious insiders’ difficult-to-detect activities pose serious threats to the intelligence community (IC) when these activities go undetected. A novel approach that integrates the results of social network analysis, role-based access monitoring, and semantic analysis of insiders’ communications as evidence for evaluation by a risk assessor is being tested on an IC simulation. A semantic analysis, by our proven Natural Language Processing (NLP) system, of the insider’s text-based communications produces conceptual representations that are clustered and compared on the expected vs. observed scope. The determined risk level produces an input to a risk analysis algorithm that is merged with outputs from the system’s social network analysis and role-based monitoring modules.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Symonenko, S., Liddy, E.D., Yilmazel, O., Del Zoppo, R., Brown, E., Downey, M. (2004). Semantic Analysis for Monitoring Insider Threats. In: Chen, H., Moore, R., Zeng, D.D., Leavitt, J. (eds) Intelligence and Security Informatics. ISI 2004. Lecture Notes in Computer Science, vol 3073. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25952-7_40
DOI: https://doi.org/10.1007/978-3-540-25952-7_40
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22125-8
Online ISBN: 978-3-540-25952-7
eBook Packages: Springer Book Archive