Abstract
Recently, urban network infrastructure has expanded rapidly, generating large quantities of data and transforming our cities into smart cities. However, this development raises serious security problems, as more and more smart devices collect private information in smart city scenarios. In this article, we investigate the task of detecting insiders' anomalous behaviors to prevent urban big data leakage. Specifically, we characterize a user's daily activities from four perspectives, use several deep learning algorithms (long short-term memory (LSTM) and convolutional LSTM (convLSTM)) to calculate deviations between a user's actual actions and the normal pattern of their daily behavior, and use a multilayer perceptron (MLP) to identify abnormal behaviors from those deviations. To evaluate the proposed multimodel-based system (MBS), we conducted experiments on the CERT (United States Computer Emergency Readiness Team) dataset. The experimental results show that our proposed MBS has a remarkable ability to learn the normal pattern of users' daily activities and detect anomalous behaviors.
Index Terms
User and Entity Behavior Analysis under Urban Big Data