research-article
Open Access

User and Entity Behavior Analysis under Urban Big Data

Published: 25 September 2020

Abstract

Recently, urban network infrastructure has expanded rapidly, generating ever larger quantities of data and transforming our cities into smart cities. However, this development brings serious security problems, as more and more smart devices collect private information in smart city scenarios. In this article, we investigate the task of detecting insiders’ anomalous behaviors to prevent urban big data leakage. Specifically, we characterize a user's daily activities from four perspectives, use several deep learning algorithms (long short-term memory (LSTM) and convolutional LSTM (convLSTM)) to calculate the deviations between a user's actual actions and the normal pattern of their daily behavior, and use a multilayer perceptron (MLP) to identify abnormal behaviors from those deviations. To evaluate the proposed multimodel-based system (MBS), we conducted experiments on the CERT (United States Computer Emergency Readiness Team) dataset. The experimental results show that the proposed MBS has a remarkable ability to learn the normal pattern of users’ daily activities and to detect anomalous behaviors.



        • Published in

          ACM/IMS Transactions on Data Science, Volume 1, Issue 3
          Special Issue on Urban Computing and Smart Cities
          August 2020
          217 pages
          ISSN:2691-1922
          DOI:10.1145/3424342

          Copyright © 2020 ACM

          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Publication History

          • Published: 25 September 2020
          • Online AM: 7 May 2020
          • Accepted: 1 November 2019
          • Revised: 1 September 2019
          • Received: 1 June 2019

          Qualifiers

          • research-article
          • Research
          • Refereed
