Volume 5 - Issue 2
Generating Test Data for Insider Threat Detectors
- Brian Lindauer
Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, U.S.A.
lindauer@sei.cmu.edu
- Joshua Glasser
ExactData, LLC, Rochester, New York, U.S.A.
joshua.glasser@exactdata.net
- Mitch Rosen
ExactData, LLC, Rochester, New York, U.S.A.
mitch.rosen@exactdata.net
- Kurt Wallnau
Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, U.S.A.
kcw@sei.cmu.edu
Keywords: insider threat, synthetic data, modeling and simulation
Abstract
The threat of malicious insider activity continues to be of paramount concern in both the public and
private sectors. Though there is great interest in advancing the state of the art in predicting and
stopping these threats, the difficulty of obtaining suitable data for research, development, and testing
remains a significant hindrance. We outline the use of a synthetic data generator to enable research
progress, while discussing the benefits and limitations of synthetic insider threat data, the meaning
of realism in this context, comparisons to a hybrid real/synthetic data approach, and future research
directions.