Dynamic Insider Threat Detection Based on Adaptable Genetic Programming

Variations in the deployment environments of machine learning techniques may affect the performance of the implemented systems. Such variations can change the data that machine learning solutions operate on, for example the number of classes and the extracted features. This paper investigates the capabilities of Genetic Programming (GP) for malicious insider detection in corporate environments under such changes. Assuming a Linear GP detector, techniques are introduced that allow a previously trained GP population to adapt to different changes in the data. The experiments and evaluation results show promising insider threat detection performance for these techniques in comparison with training machine learning classifiers from scratch. This reduces the amount of data and the computation required to obtain dependable insider threat detectors under new conditions.
