
The Wolf of SUTD (TWOS): A dataset of malicious insider threat behavior based on a gamified competition

dc.creator: Harilal A. [spa]
dc.creator: Toffalini F. [spa]
dc.creator: Homoliak I. [spa]
dc.creator: Castellanos J. [spa]
dc.creator: Guarnizo J. [spa]
dc.creator: Mondal S. [spa]
dc.creator: Ochoa M. [spa]
dc.date.accessioned: 2020-05-25T23:56:43Z
dc.date.available: 2020-05-25T23:56:43Z
dc.date.created: 2018 [spa]
dc.description.abstract: In this paper we present open research questions and options for data analysis of our previously designed dataset called TWOS: The Wolf of SUTD. In the specified research questions, we illustrate the potential use of the TWOS dataset in multiple areas of cyber security, which is not limited to malicious insider threat detection but also relates to authorship verification and identification, continuous authentication, and sentiment analysis. For the purpose of investigating the research questions, we present several state-of-the-art features applicable to the collected data sources, and thus we provide researchers with guidance on how to start with data analysis. The TWOS dataset was collected during a gamified competition that was devised in order to obtain realistic instances of malicious insider threat. The competition simulated user interactions in/among competing companies, where two types of behaviors (normal and malicious) were incentivized. For the case of malicious behavior, we designed two types of malicious periods that were intended to capture the behavior of two types of insiders – masqueraders and traitors. The game involved the participation of 6 teams consisting of 4 students who competed with each other for a period of 5 days. Their activities were monitored by several data collection agents producing data for mouse, keyboard, process and file-system monitor, network traffic, emails, and login/logout data sources. In total, we obtained 320 hours of active participation that included 18 hours of masquerader data and at least two instances of traitor data. In addition to expected malicious behaviors, students explored various defensive and offensive strategies such as denial of service attacks and obfuscation techniques, in an effort to get ahead in the competition. The TWOS dataset was made publicly accessible for further research purposes.
In this paper we present the TWOS dataset that contains realistic instances of insider threats based on a gamified competition. The competition simulated user interactions in/among competing companies, where two types of behaviors (normal and malicious) were incentivized. For the case of malicious behavior, we designed sessions for two types of insider threats (masqueraders and traitors). The game involved the participation of 6 teams consisting of 4 students who competed with each other for a period of 5 days, while their activities were monitored considering several heterogeneous sources (mouse, keyboard, process and file-system monitor, network traffic, emails and login/logout). In total, we obtained 320 hours of active participation that included 18 hours of masquerader data and at least two instances of traitor data. In addition to expected malicious behaviors, students explored various defensive and offensive strategies such as denial of service attacks and obfuscation techniques, in an effort to get ahead in the competition. Furthermore, we illustrate the potential use of the TWOS dataset in multiple areas of cyber security, which is not limited to malicious insider threat detection, but also includes areas such as authorship verification and identification, continuous authentication, and sentiment analysis. We also present several state-of-the-art features that can be extracted from different data sources in order to guide researchers in the analysis of the dataset. The TWOS dataset is publicly accessible for further research purposes. © 2018, Innovative Information Science and Technology Research Group. All rights reserved. [eng]
dc.format.mimetype: application/pdf
dc.identifier.doi: https://doi.org/10.22667/JOWUA.2018.03.31.054
dc.identifier.issn: 20935382
dc.identifier.issn: 20935374
dc.identifier.uri: https://repository.urosario.edu.co/handle/10336/22495
dc.language.iso: eng [spa]
dc.publisher: Innovative Information Science and Technology Research Group [spa]
dc.relation.citationEndPage: 85
dc.relation.citationIssue: No. 1
dc.relation.citationStartPage: 54
dc.relation.citationTitle: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications
dc.relation.citationVolume: Vol. 9
dc.relation.ispartof: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, ISSN:20935382, 20935374, Vol.9, No.1 (2018); pp. 54-85 [spa]
dc.relation.uri: https://www.scopus.com/inward/record.uri?eid=2-s2.0-85047556211&doi=10.22667%2fJOWUA.2018.03.31.054&partnerID=40&md5=b69d946f9b2c8f6ebcecd406134ffb0c [spa]
dc.rights.accesRights: info:eu-repo/semantics/openAccess
dc.rights.acceso: Open (Full Text) [spa]
dc.source.instname: instname:Universidad del Rosario [spa]
dc.source.reponame: reponame:Repositorio Institucional EdocUR [spa]
dc.subject.keyword: Authorship verification [spa]
dc.subject.keyword: Continuous authentication [spa]
dc.subject.keyword: Feature extraction [spa]
dc.subject.keyword: Malicious insider threat [spa]
dc.subject.keyword: Masquerader [spa]
dc.subject.keyword: Multiplayer game [spa]
dc.subject.keyword: Sentiment analysis [spa]
dc.subject.keyword: Traitor [spa]
dc.subject.keyword: User behavior monitoring [spa]
dc.title: The Wolf of SUTD (TWOS): A dataset of malicious insider threat behavior based on a gamified competition [spa]
dc.type: article [eng]
dc.type.hasVersion: info:eu-repo/semantics/publishedVersion
dc.type.spa: Article [spa]