Machine learning based Insider Threat Modelling and Detection

Malicious insider attacks are among the most damaging threats to companies and government agencies. This paper proposes a new framework for constructing a user-centered, machine learning based insider threat detection system that operates on multiple levels of data granularity. System evaluation and analysis are performed not only on individual data instances but also on normal and malicious insiders as a whole; results are reported and discussed per insider scenario, together with the delay in detection. Our results show that the machine learning based detection system can learn from limited ground truth and detect new malicious insiders with high accuracy.
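The two evaluation granularities the abstract refers to (per data instance versus per user) and the delay-in-detection figure can be made concrete with a small worked example. The code below is an added illustration, not the paper's own system: it trains a detector on a handful of labelled user-days (limited ground truth), applies it to users that were not in the training set, and then reports instance-level metrics, user-level metrics, and the number of days between the start of a user's malicious period and the first alert. The per-user-day records, the feature names (`after_hours`, `usb`, `copies`, `ext_hosts`), the user names and the labels are all constructed for this example; the decision-stump learner is a deliberately minimal stand-in for whatever classifier the paper uses.

```python
"""Added example (not the paper's code): instance-level vs. user-level
evaluation of an insider-threat detector trained on limited ground truth,
with per-user detection delay. All records below are constructed."""
from collections import defaultdict

FEATURES = ("after_hours", "usb", "copies", "ext_hosts")

# Constructed per-user-day records: (user, day, label, feature vector).
# Feature vector = (after-hours logons, removable-device connects,
# files copied to removable media, distinct external hosts contacted).
# label 1 marks the analyst-confirmed malicious period of that user.
RECORDS = [
    ("alice", 1, 0, (0, 0, 0, 3)), ("alice", 2, 0, (0, 0, 1, 4)),
    ("alice", 3, 0, (1, 0, 0, 2)), ("alice", 4, 0, (0, 0, 0, 5)),
    ("alice", 5, 0, (0, 0, 2, 3)),
    ("carol", 1, 0, (0, 0, 1, 4)), ("carol", 2, 0, (1, 0, 0, 3)),
    ("carol", 3, 0, (0, 0, 2, 5)), ("carol", 4, 1, (2, 1, 15, 4)),
    ("carol", 5, 1, (1, 0, 22, 6)),
    ("bob", 1, 0, (0, 0, 0, 4)), ("bob", 2, 0, (0, 1, 6, 3)),
    ("bob", 3, 0, (1, 0, 1, 5)), ("bob", 4, 0, (0, 0, 0, 4)),
    ("bob", 5, 0, (0, 0, 3, 2)),
    ("dave", 1, 0, (0, 0, 1, 3)), ("dave", 2, 0, (0, 0, 0, 4)),
    ("dave", 3, 1, (1, 0, 9, 8)), ("dave", 4, 1, (2, 1, 40, 9)),
    ("dave", 5, 1, (0, 0, 18, 7)),
]


def precision(tp, fp):
    return tp / (tp + fp) if tp + fp else 0.0


def recall(tp, fn):
    return tp / (tp + fn) if tp + fn else 0.0


def f1(tp, fp, fn):
    return 0.0 if tp == 0 else 2 * tp / (2 * tp + fp + fn)


def fit_stump(rows):
    """Learn the single 'feature >= threshold' rule with the best training F1.
    Kept this simple on purpose: with only a few labelled malicious days a
    richer model would mostly memorise them. Ties keep the first rule found."""
    best = (0.0, None, None)
    for i, name in enumerate(FEATURES):
        for t in sorted({x[i] for _, _, _, x in rows}):
            tp = sum(1 for _, _, y, x in rows if x[i] >= t and y)
            fp = sum(1 for _, _, y, x in rows if x[i] >= t and not y)
            fn = sum(1 for _, _, y, x in rows if x[i] < t and y)
            score = f1(tp, fp, fn)
            if score > best[0]:
                best = (score, name, t)
    return best[1], best[2]


def predict(rule, x):
    name, t = rule
    return x[FEATURES.index(name)] >= t


def instance_metrics(rule, rows):
    """Granularity 1: every user-day is scored on its own."""
    tp = sum(1 for _, _, y, x in rows if predict(rule, x) and y)
    fp = sum(1 for _, _, y, x in rows if predict(rule, x) and not y)
    fn = sum(1 for _, _, y, x in rows if not predict(rule, x) and y)
    return precision(tp, fp), recall(tp, fn)


def user_metrics(rule, rows):
    """Granularity 2: roll day-level alerts up to users. A user counts as
    detected if any day on or after the start of the malicious period is
    flagged; the delay is the gap (in days) to that first alert. Alerts
    that fall only in a user's normal period are false alarms, not hits.
    Returns (precision, recall, {insider: delay or None if never caught})."""
    by_user = defaultdict(list)
    for user, day, y, x in rows:
        by_user[user].append((day, y, x))
    tp = fp = fn = 0
    delays = {}
    for user, days in by_user.items():
        days.sort()
        flagged = [d for d, _, x in days if predict(rule, x)]
        malicious = [d for d, y, _ in days if y]
        hits = [d for d in flagged if malicious and d >= malicious[0]]
        if hits:
            tp += 1
            delays[user] = hits[0] - malicious[0]
        elif malicious:
            fn += 1
            delays[user] = None
        elif flagged:
            fp += 1
    return precision(tp, fp), recall(tp, fn), delays


def run():
    """Train on alice/carol only; bob/dave are unseen users at test time."""
    train = [r for r in RECORDS if r[0] in ("alice", "carol")]
    test = [r for r in RECORDS if r[0] in ("bob", "dave")]
    rule = fit_stump(train)
    return rule, instance_metrics(rule, test), user_metrics(rule, test)


if __name__ == "__main__":
    rule, (ip, ir), (up, ur, delays) = run()
    print("learned rule:", rule)
    print(f"instance level: precision={ip:.2f} recall={ir:.2f}")
    print(f"user level:     precision={up:.2f} recall={ur:.2f}")
    print("detection delay (days):", delays)
```

The point the two granularities make is visible even on this toy data: the detector misses the first malicious day of the unseen user, so instance-level recall is well below one, while at user level the insider is still caught, at the cost of a one-day delay. Reporting only one of the two numbers hides either the missed days or the fact that the user was eventually identified, which is why the paper reports both together with the delay.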
