Generating Test Data for Insider Threat Detectors

Brian Lindauer¹⁺, Joshua Glasser², Mitch Rosen², and Kurt Wallnau¹

¹Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, USA
{lindauer, kcw}@sei.cmu.edu
²ExactData, LLC, Rochester, New York, USA
{joshua.glasser, mitch.rosen}@exactdata.net

Abstract

The threat of malicious insider activity continues to be of paramount concern in both the public and private sectors. Though there is great interest in advancing the state of the art in predicting and stopping these threats, the difficulty of obtaining suitable data for research, development, and testing remains a significant hindrance. We outline the use of a synthetic data generator to enable research progress, while discussing the benefits and limitations of synthetic insider threat data, the meaning of realism in this context, comparisons to a hybrid real/synthetic data approach, and future research directions.

Keywords: insider threat, synthetic data, modeling and simulation

 

⁺Corresponding author: Brian Lindauer
Software Engineering Institute, 4500 Fifth Avenue, Pittsburgh, PA 15213, USA
Tel: +1-512-666-5438

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 5, No. 2, pp. 80-94, June 2014