Abstract:
An intrusion detection system (IDS) generally detects unwanted manipulations of computer systems. In recent years, this technology has been used to protect personal information after it has been collected by an organization. Selecting an appropriate IDS is an important decision for system security administrators seeking to keep authorized employees from abusing their access to the system to exploit sensitive information. To date, little work has been done to create a benchmark for small and mid-size organizations to measure and compare the capability of different insider threat IDSs that are based on user profiling. This gap motivates us to create a benchmark that enables organizations to compare these different IDSs. The benchmark is used to produce useful comparisons of the accuracy and overhead of two key research implementations of future insider threat intrusion algorithms, which are based on user behavior.