MENU: Home Bio Affiliations Research Teaching Publications Videos Collaborators/Students Contact FAQ ©2007-14 RSS

Paper in ACM KDD 2013 “Detecting insider threats in a real corporate database of computer usage activity”

August 11th, 2013 Irfan Essa Posted in AAAI/IJCAI/UAI, Josh Jones, Vinay Bettadapura No Comments »

  • T. E. Senator, H. G. Goldberg, A. Memory, W. T. Young, B. Rees, R. Pierce, D. Huang, M. Reardon, D. A. Bader, E. Chow, I. Essa, J. Jones, V. Bettadapura, D. H. Chau, O. Green, O. Kaya, A. Zakrzewska, E. Briscoe, R. I. L. Mappus, R. McColl, L. Weiss, T. G. Dietterich, A. Fern, W. Wong, S. Das, A. Emmott, J. Irvine, J. Lee, D. Koutra, C. Faloutsos, D. Corkill, L. Friedland, A. Gentzel, and D. Jensen (2013), “Detecting insider threats in a real corporate database of computer usage activity,” in Proceedings of the 19th ACM SIGKDD international conference on Knowledge discovery and data mining, New York, NY, USA, 2013, pp. 1393-1401. [WEBSITE] [DOI] [BIBTEX]
    @inproceedings{2013-Senator-DITRCDCUA,
      Acmid = {2488213},
      Address = {New York, NY, USA},
      Author = {Senator, Ted E. and Goldberg, Henry G. and Memory, Alex and Young, William T. and Rees, Brad and Pierce, Robert and Huang, Daniel and Reardon, Matthew and Bader, David A. and Chow, Edmond and Essa, Irfan and Jones, Joshua and Bettadapura, Vinay and Chau, Duen Horng and Green, Oded and Kaya, Oguz and Zakrzewska, Anita and Briscoe, Erica and Mappus, Rudolph IV L. and McColl, Robert and Weiss, Lora and Dietterich, Thomas G. and Fern, Alan and Wong, Weng--Keen and Das, Shubhomoy and Emmott, Andrew and Irvine, Jed and Lee, Jay-Yoon and Koutra, Danai and Faloutsos, Christos and Corkill, Daniel and Friedland, Lisa and Gentzel, Amanda and Jensen, David},
      Booktitle = {{Proceedings of the 19th ACM SIGKDD international conference on Knowledge discovery and data mining}},
      Date-Added = {2013-10-22 22:29:23 +0000},
      Date-Modified = {2014-05-16 20:10:57 +0000},
      Doi = {10.1145/2487575.2488213},
      Isbn = {978-1-4503-2174-7},
      Location = {Chicago, Illinois, USA},
      Numpages = {9},
      Pages = {1393--1401},
      Publisher = {ACM},
      Series = {KDD '13},
      Title = {Detecting insider threats in a real corporate database of computer usage activity},
      Url = {http://doi.acm.org/10.1145/2487575.2488213},
      Year = {2013},
      Bdsk-Url-1 = {http://doi.acm.org/10.1145/2487575.2488213},
      Bdsk-Url-2 = {http://dx.doi.org/10.1145/2487575.2488213}}

Abstract

This paper reports on methods and results of an applied research project by a team consisting of SAIC and four universities to develop, integrate, and evaluate new approaches to detect the weak signals characteristic of insider threats on organizations’ information systems. Our system combines structural and semantic information from a real corporate database of monitored activity on their users’ computers to detect independently developed red team inserts of malicious insider activities. We have developed and applied multiple algorithms for anomaly detection based on suspected scenarios of malicious insider behavior, indicators of unusual activities, high-dimensional statistical patterns, temporal sequences, and normal graph evolution. Algorithms and representations for dynamic graph processing provide the ability to scale as needed for enterprise-level deployments on real-time data streams. We have also developed a visual language for specifying combinations of features, baselines, peer groups, time periods, and algorithms to detect anomalies suggestive of instances of insider threat behavior. We defined over 100 data features in seven categories based on approximately 5.5 million actions per day from approximately 5,500 users. We have achieved area under the ROC curve values of up to 0.979 and lift values of 65 on the top 50 user-days identified on two months of real data.

via ACM DL Detecting insider threats in a real corporate database of computer usage activity.

AddThis Social Bookmark Button

Paper in AISTATS 2013 “Beyond Sentiment: The Manifold of Human Emotions”

April 29th, 2013 Irfan Essa Posted in AAAI/IJCAI/UAI, Behavioral Imaging, Computational Journalism, Numerical Machine Learning, Papers, WWW No Comments »

  • S. Kim, F. Li, G. Lebanon, and I. A. Essa (2013), “Beyond Sentiment: The Manifold of Human Emotions,” in Proceedings of AI STATS, 2013. [PDF] [BIBTEX]
    @inproceedings{2012-Kim-BSMHE,
      Author = {Seungyeon Kim and Fuxin Li and Guy Lebanon and Irfan A. Essa},
      Booktitle = {Proceedings of AI STATS},
      Date-Added = {2013-06-25 12:01:11 +0000},
      Date-Modified = {2013-06-25 12:02:53 +0000},
      Pdf = {http://arxiv.org/pdf/1202.1568v1},
      Title = {Beyond Sentiment: The Manifold of Human Emotions},
      Year = {2013}}

Abstract

Sentiment analysis predicts the presence of positive or negative emotions in a text document. In this paper we consider higher dimensional extensions of the sentiment concept, which represent a richer set of human emotions. Our approach goes beyond previous work in that our model contains a continuous manifold rather than a finite set of human emotions. We investigate the resulting model, compare it to psychological observations, and explore its predictive capabilities. Besides obtaining significant improvements over a baseline without manifold, we are also able to visualize different notions of positive sentiment in different domains.

via [arXiv.org 1202.1568] Beyond Sentiment: The Manifold of Human Emotions.

AddThis Social Bookmark Button

Paper: ACM IWVSSN (2006) “Unsupervised Analysis of Activity Sequences Using Event Motifs”

October 23rd, 2006 Irfan Essa Posted in AAAI/IJCAI/UAI, Aaron Bobick, Activity Recognition, Aware Home, Papers, Raffay Hamid, Siddhartha Maddi No Comments »

  • R. Hamid, S. Maddi, A. Bobick, I. Essa. “Unsupervised Analysis of Activity Sequences Using Event Motifs”, In proceedings of 4th ACM International Workshop on Video Surveillance and Sensor Networks (in conjunction with ACM Multimedia 2006).

Abstract

We present an unsupervised framework to discover characterizations of everyday human activities, and demonstrate how such representations can be used to extract points of interest in event-streams. We begin with the usage of Suffix Trees as an efficient activity-representation to analyze the global structural information of activities, using their local event statistics over the entire continuum of their temporal resolution. Exploiting this representation, we discover characterizing event-subsequences and present their usage in an ensemble-based framework for activity classification. Finally, we propose a method to automatically detect subsequences of events that are locally atypical in a structural sense. Results over extensive data-sets, collected from multiple sensor-rich environments are presented, to show the competence and scalability of the proposed framework.

AddThis Social Bookmark Button

Paper AAAI (2002): “Recognizing Multitasked Activities from Video using Stochastic Context-Free Grammar”

September 29th, 2002 Irfan Essa Posted in AAAI/IJCAI/UAI, Activity Recognition, Darnell Moore, Intelligent Environments, Papers No Comments »

D. Moore and I. Essa (2002). “Recognizing multitasked activities from video using stochastic context-free grammar”, in Proceedings of AAAI 2002. [PDF | Project Site]

Abstract

In this paper, we present techniques for recognizing com- plex, multitasked activities from video. Visual information like image features and motion appearances, combined with domain-specific information, like object context is used ini- tially to label events. Each action event is represented with a unique symbol, allowing for a sequence of interactions to be described as an ordered symbolic string. Then, a model of stochastic context-free grammar (SCFG), which is devel- oped using underlying rules of an activity, is used to provide the structure for recognizing semantically meaningful behav- ior over extended periods. Symbolic strings are parsed us- ing the Earley-Stolcke algorithm to determine the most likely semantic derivation for recognition. Parsing substrings al- lows us to recognize patterns that describe high-level, com- plex events taking place over segments of the video sequence. We introduce new parsing strategies to enable error detection and recovery in stochastic context-free grammar and meth- ods of quantifying group and individual behavior in activities with separable roles. We show through experiments, with a popular card game, the recognition of high-level narratives of multi-player games and the identification of player strate- gies and behavior using computer vision.

Recognizing Black Jack

Recognizing Black Jack

AddThis Social Bookmark Button