Table 7 The log attribute values included in the behavior features
From: BRITD: behavior rhythm insider threat detection with time awareness and user adaptation
Log Type | Attribute | Value |
|---|---|---|
commonly used* | PC | selfPC |
otherPC | ||
sharedPC | ||
logon | Activity | Logon |
Logoff | ||
device | Activity | Connect |
Disconnect | ||
Receive/Send | Send with cc | |
Send with cc and bcc | ||
Receive | ||
correspond with | inside the organization | |
outside the organization | ||
Attach | ||
file | Activity | copy |
delete | ||
write | ||
open | ||
Media | to USB | |
from USB | ||
disk | ||
Decoy | ||
http | Activity | down |
up | ||
visit |