A Study of CADS approach in Collaborative Information System for Detecting Anomalous Insiders

A group of users are allowed to communicate and cooperate over a common task with the help of Collaborative Information System. Collaborative information systems (CISs) are deployed within a diverse array of environments that manage sensitive information. Recent breakthroughs in networking, storage and ubiquitous computing have facilitated an explosion in the deployment of CIS across a wide range of environments. Current security mechanisms detect insider threats but they are not efficient to monitor systems in which users function in dynamic teams. In this paper, we introduce the community anomaly detection system (CADS), an unsupervised learning Framework to detect insider threats based on the access logs of collaborative environments. A CADS consists of two components: 1) Relational pattern extraction, which derives community structures and 2) Anomaly prediction, which leverages a statistical model to determine when users have sufficiently deviated from communities. We further extend CADS into MetaCADS to account for the semantics of subjects (e.g., patients' diagnoses). Based on the analysis of result illustrates when the number of illicit users is low, MetaCADS is the best model. But as the number grows, commonly accessed semantics lead to hiding in a crowd such that CADS is more prudent.