The Wolf of SUTD (TWOS): A dataset of malicious insider threat behavior based on a gamified competition
In this paper we present open research questions and options for data analysis of our previously designed dataset called TWOS: The Wolf of SUTD. In specified research questions, we illustrate the potential use of the TWOS dataset in multiple areas of cyber security, which does not limit only to mali...
- Authors: Harilal A.; Toffalini F.; Homoliak I.; Castellanos J.; Guarnizo J.; Mondal S.; Ochoa M.
- Resource type: article
- Publication date: 2018
- Institution: Universidad del Rosario
- Repository: Repositorio EdocUR - U. Rosario
- Language: eng
- OAI Identifier: oai:repository.urosario.edu.co:10336/22495
- Online access: https://doi.org/10.22667/JOWUA.2018.03.31.054, https://repository.urosario.edu.co/handle/10336/22495
- Keywords: Authorship verification; Continuous authentication; Feature extraction; Malicious insider threat; Masquerader; Multiplayer game; Sentiment analysis; Traitor; User behavior monitoring
- Rights / License: Open (Full Text)
| id | EDOCUR2_bd43090b8dd802f4f36e348b60e2f506 |
|---|---|
| oai_identifier_str | oai:repository.urosario.edu.co:10336/22495 |
| network_acronym_str | EDOCUR2 |
| network_name_str | Repositorio EdocUR - U. Rosario |
| repository_id_str | |
| dc.title.spa.fl_str_mv | The Wolf of SUTD (TWOS): A dataset of malicious insider threat behavior based on a gamified competition |
| title | The Wolf of SUTD (TWOS): A dataset of malicious insider threat behavior based on a gamified competition |
| dc.subject.keyword.spa.fl_str_mv | Authorship verification; Continuous authentication; Feature extraction; Malicious insider threat; Masquerader; Multiplayer game; Sentiment analysis; Traitor; User behavior monitoring |
| description | In this paper we present open research questions and options for data analysis of our previously designed dataset called TWOS: The Wolf of SUTD. In specified research questions, we illustrate the potential use of the TWOS dataset in multiple areas of cyber security, which does not limit only to malicious insider threat detection but are also related to authorship verification and identification, continuous authentication, and sentiment analysis. For the purpose of investigating the research questions, we present several state-of-the-art features applicable to collected data sources, and thus we provide researchers with guidance on how to start with data analysis. The TWOS dataset was collected during a gamified competition that was devised in order to obtain realistic instances of malicious insider threat. The competition simulated user interactions in/among competing companies, where two types of behaviors (normal and malicious) were incentivized. For the case of malicious behavior, we designed two types of malicious periods that were intended to capture the behavior of two types of insiders – masqueraders and traitors. The game involved the participation of 6 teams consisting of 4 students who competed with each other for a period of 5 days. Their activities were monitored by several data collection agents and producing data for mouse, keyboard, process and file-system monitor, network traffic, emails, and login/logout data sources. In total, we obtained 320 hours of active participation that included 18 hours of masquerader data and at least two instances of traitor data. In addition to expected malicious behaviors, students explored various defensive and offensive strategies such as denial of service attacks and obfuscation techniques, in an effort to get ahead in the competition. The TWOS dataset was made publicly accessible for further research purposes. In this paper we present the TWOS dataset that contains realistic instances of insider threats based on a gamified competition. The competition simulated user interactions in/among competing companies, where two types of behaviors (normal and malicious) were incentivized. For the case of malicious behavior, we designed sessions for two types of insider threats (masqueraders and traitors). The game involved the participation of 6 teams consisting of 4 students who competed with each other for a period of 5 days, while their activities were monitored considering several heterogeneous sources (mouse, keyboard, process and file-system monitor, network traffic, emails and login/logout). In total, we obtained 320 hours of active participation that included 18 hours of masquerader data and at least two instances of traitor data. In addition to expected malicious behaviors, students explored various defensive and offensive strategies such as denial of service attacks and obfuscation techniques, in an effort to get ahead in the competition. Furthermore, we illustrate the potential use of the TWOS dataset in multiple areas of cyber security, which does not limit to malicious insider threat detection, but also areas such as authorship verification and identification, continuous authentication, and sentiment analysis. We also present several state-of-the-art features that can be extracted from different data sources in order to guide researchers in the analysis of the dataset. The TWOS dataset is publicly accessible for further research purposes. © 2018, Innovative Information Science and Technology Research Group. All rights reserved. |
| publishDate | 2018 |
| dc.date.created.spa.fl_str_mv | 2018 |
| dc.date.accessioned.none.fl_str_mv | 2020-05-25T23:56:43Z |
| dc.date.available.none.fl_str_mv | 2020-05-25T23:56:43Z |
| dc.type.eng.fl_str_mv | article |
| dc.type.coarversion.fl_str_mv | http://purl.org/coar/version/c_970fb48d4fbd8a85 |
| dc.type.coar.fl_str_mv | http://purl.org/coar/resource_type/c_6501 |
| dc.type.spa.spa.fl_str_mv | Artículo |
| dc.identifier.doi.none.fl_str_mv | https://doi.org/10.22667/JOWUA.2018.03.31.054 |
| dc.identifier.issn.none.fl_str_mv | 20935382 20935374 |
| dc.identifier.uri.none.fl_str_mv | https://repository.urosario.edu.co/handle/10336/22495 |
| url | https://doi.org/10.22667/JOWUA.2018.03.31.054 https://repository.urosario.edu.co/handle/10336/22495 |
| identifier_str_mv | 20935382 20935374 |
| dc.language.iso.spa.fl_str_mv | eng |
| language | eng |
| dc.relation.citationEndPage.none.fl_str_mv | 85 |
| dc.relation.citationIssue.none.fl_str_mv | No. 1 |
| dc.relation.citationStartPage.none.fl_str_mv | 54 |
| dc.relation.citationTitle.none.fl_str_mv | Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications |
| dc.relation.citationVolume.none.fl_str_mv | Vol. 9 |
| dc.relation.ispartof.spa.fl_str_mv | Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, ISSN:20935382, 20935374, Vol.9, No.1 (2018); pp. 54-85 |
| dc.relation.uri.spa.fl_str_mv | https://www.scopus.com/inward/record.uri?eid=2-s2.0-85047556211&doi=10.22667%2fJOWUA.2018.03.31.054&partnerID=40&md5=b69d946f9b2c8f6ebcecd406134ffb0c |
| dc.rights.coar.fl_str_mv | http://purl.org/coar/access_right/c_abf2 |
| dc.rights.acceso.spa.fl_str_mv | Abierto (Texto Completo) |
| rights_invalid_str_mv | Abierto (Texto Completo) http://purl.org/coar/access_right/c_abf2 |
| dc.format.mimetype.none.fl_str_mv | application/pdf |
| dc.publisher.spa.fl_str_mv | Innovative Information Science and Technology Research Group |
| institution | Universidad del Rosario |
| dc.source.instname.spa.fl_str_mv | instname:Universidad del Rosario |
| dc.source.reponame.spa.fl_str_mv | reponame:Repositorio Institucional EdocUR |
| repository.name.fl_str_mv | Repositorio institucional EdocUR |
| repository.mail.fl_str_mv | edocur@urosario.edu.co |
| _version_ | 1818106832362668032 |
| spelling | Harilal A.; Toffalini F.; Homoliak I.; Castellanos J.; Guarnizo J.; Mondal S.; Ochoa M. |