Researcher Builds System to Protect Against Malicious Insiders
Computerworld (10/14/14) Gaudin, Sharon
Virginia Polytechnic Institute and State University professor Daphne Yao is developing algorithms that can alert companies when an employee might be acting maliciously on their network. "The challenge is to understand the intention of the user and what the user is trying to do," Yao says. She notes the research involves combining big data, analytics, and security to design algorithms that focus on linking human activities with network actions. The key to Yao's research is distinguishing employees conducting legitimate work from those performing similar actions in order to sell proprietary information or crash the network. Yao's algorithms are designed to learn which activities are normal and then detect anything unusual. "We build on a model of normal behaviors and then detect a deviation from normal behaviors," she says. "If you see a user logging in and accessing a database or doing a file read or write in the middle of the night...then you ask, 'Is this a legitimate sequence of actions or is this an anomaly?'" Yao notes the detection system also should be able to corroborate the user's actions with what is happening on the network.