论文信息 - Insider threat detection using principal component analysis and self-organising map

Insider threat detection using principal component analysis and self-organising map

An insider threat can take on many aspects. Some employees abuse their positions of trust by disrupting normal operations, while others export valuable or confidential data which can damage the employer's marketing position and reputation. In addition, some just lose their credentials which are then abused in their name. In this paper, we use Principal Component Analysis (PCA) in conjunction with Self-Organising Map (SOM) for insider threat detection within an organisation. The results show that using PCA before SOM increases the clustering accuracy.

Naghmeh Moradpoor | Gordon Russell | Martyn Brown

[1] Ram Dantu,et al. Inside the Mind of the Insider: Towards Insider Threat Detection Using Psychophysiological Signals , 2016, J. Internet Serv. Inf. Secur..

[2] Srikanta Tirthapura,et al. Detecting Insider Threats Using RADISH: A System for Real-Time Anomaly Detection in Heterogeneous Data Streams , 2017, IEEE Systems Journal.

[3] Bhavani M. Thuraisingham,et al. Insider Threat Detection Using Stream Mining and Graph Mining , 2011, 2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing.

[4] Brian Hutchinson,et al. Deep Learning for Unsupervised Insider Threat Detection in Structured Cybersecurity Data Streams , 2017, AAAI Workshops.

[5] Sadie Creese,et al. Automated Insider Threat Detection System Using User and Role-Based Profile Assessment , 2017, IEEE Systems Journal.

[6] Aruna Singh,et al. Applying Modified K-Nearest Neighbor toDetect Insider Threat in CollaborativeInformation Systems , 2014 .

[7] Mudita Singhal,et al. Supervised and Unsupervised methods to detect Insider Threat from Enterprise Social and Online Activity Data , 2015, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl..

[8] Dawn M. Cappelli,et al. The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes , 2012 .