Article code: 485013
Journal code: 703302
Publication year: 2015
English article: 10-page PDF
Full-text version: Free download
English title of the ISI article
Insider Threat Detection Using Log Analysis and Event Correlation
Related topics
Engineering and Basic Sciences, Computer Engineering, Computer Science (General)
English abstract

Insider threat is one of the most dangerous security threats, and a much more complex issue. These insiders can be a former or disgruntled employee or any business associate that has or had authorised access to information for a particular organization. They have control and security measures. Hence continuous monitoring is essential to track each and every activity within the network. Log management is a strong technique that includes both log analysis and event correlation, which provides the root cause of any attack so that the network can be protected from security violations. Though intrusion detection is a complex process, while checking the ability to detect intrusive behaviour within the internal environment, it has to take care of suppressing the false alarm rate. Some strong approach is required on the basis of which decisions can be taken fast. This paper proposes a probabilistic approach which illustrates the frequency of occurrence of events in percentage while still considering the false alarm rate at an acceptable level.

Publisher
Database: Elsevier - ScienceDirect
Journal: Procedia Computer Science - Volume 45, 2015, Pages 436-445