Table of Contents Author Guidelines Submit a Manuscript
Security and Communication Networks
Volume 2018, Article ID 5906368, 18 pages
Research Article

Distance Measurement Methods for Improved Insider Threat Detection

Edinburgh Napier University, Edinburgh, UK

Correspondence should be addressed to William J. Buchanan;

Received 24 August 2017; Revised 6 December 2017; Accepted 13 December 2017; Published 17 January 2018

Academic Editor: Gerardo Pelosi

Copyright © 2018 Owen Lo et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


Insider threats are a considerable problem within cyber security and it is often difficult to detect these threats using signature detection. Increasing machine learning can provide a solution, but these methods often fail to take into account changes of behaviour of users. This work builds on a published method of detecting insider threats and applies Hidden Markov method on a CERT data set (CERT r4.2) and analyses a number of distance vector methods (Damerau–Levenshtein Distance, Cosine Distance, and Jaccard Distance) in order to detect changes of behaviour, which are shown to have success in determining different insider threats.