Campus Units

Electrical and Computer Engineering, Computer Science

Document Type

Article

Publication Version

Accepted Manuscript

Publication Date

6-2017

Journal or Book Title

IEEE Systems Journal

Volume

11

Issue

2

First Page

471

Last Page

482

DOI

10.1109/JSYST.2016.2558507

Abstract

We present a scalable system for high-throughput real-time analysis of heterogeneous data streams. Our architecture enables incremental development of models for predictive analytics and anomaly detection as data arrives into the system. In contrast with batch data-processing systems, such as Hadoop, that can have high latency, our architecture allows for ingest and analysis of data on the fly, thereby detecting and responding to anomalous behavior in near real time. This timeliness is important for applications such as insider threat, financial fraud, and network intrusions. We demonstrate an application of this system to the problem of detecting insider threats, namely, the misuse of an organization's resources by users of the system, and present results of our experiments on a publicly available insider threat dataset.

Comments

This is a manuscript of an article published as Böse, Brock, Bhargav Avasarala, Srikanta Tirthapura, Yung-Yu Chung, and Donald Steiner. "Detecting insider threats using radish: a system for real-time anomaly detection in heterogeneous data streams." IEEE Systems Journal 11, no. 2 (2017): 471-482. DOI: 10.1109/JSYST.2016.2558507. Posted with permission.

Rights

Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Copyright Owner

IEEE

Language

en

File Format

application/pdf
