Title | Insider Threat Detection Based on Users’ Mouse Movements and Keystrokes Behavior |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Hashem, Y, Takabi, H, Dantu, R |
Conference Name | Secure Knowledge Management Workshop |
Date Published | 10/2017 |
Abstract |
Insider threat is considered as one of the most serious threats in cybersecurity and has been a prime security concern for government and industry. Traditional approaches can’t provide efficient solutions, and the threat keeps raising. In this paper, we propose a new approach to insider threat detection and prediction based on the user’s mouse movements and keystrokes behavior. We conduct human subject experiments with 30 participants and capture their mouse movements and keystroke dynamics as they perform several computer-based activities in both benign and malicious scenarios. We extract features and evaluate our approach using several classifiers and statistical analysis measures. The results show that participants performing malicious tasks showed faster speed and longer mouse movements, and long left click and keystroke duration than the benign tasks. Our results suggest that users’ mouse movements and keystrokes behavior can reveal valuable knowledge about their malicious behavior and can be used as indicators in the insider threat monitoring and detection frameworks. |