Insider threat detection of adaptive optimization DBN for behavior logs

Insider threats cause great harm through damage and resultant loss, the abnormal behavior features of insiders are difficult to extract because of the transparency and concealment of their actions, and detection rates are low. To address these problems, an insider threat detection model using an adaptively optimized deep belief network (DBN) for behavior logs is put forward. The model performs deep learning on integrated and normalized behavior logs, learning both normal and abnormal behavior features of insiders to form optimal representations of those features. The experimental results show that the multiple-hidden-layer deep learning model can fully learn the behavior features of insiders, improving the detection rate of insider threats. In particular, adaptive optimization using the golden section method outperforms the dichotomy method and shows more significant advantages, raising the threat detection rate of the DBN model to 97.872%.
