论文信息 - Against Insider Threats with Hybrid Anomaly Detection with Local-Feature Autoencoder and Global Statistics (LAGS)

Against Insider Threats with Hybrid Anomaly Detection with Local-Feature Autoencoder and Global Statistics (LAGS)

Internal user threats such as information leakage or system destruction can cause significant damage to the organization, however it is very difficult to prevent or detect this attack in advance. In this paper, we propose an anomaly-based insider threat detection method with local features and global statistics over the assumption that a user shows different patterns from regular behaviors during harmful actions. We experimentally show that our detection mechanism can achieve superior performance compared to the state of the art approaches for CMU CERT dataset. key words: abnormal detection, sequence-to-sequence learning, autoencoder, reconstruction error

[1] Yeonseung Ryu,et al. Detecting Insider Threat Based on Machine Learning: Anomaly Detection Using RNN Autoencoder , 2017 .

[2] Geoffrey E. Hinton,et al. Reducing the Dimensionality of Data with Neural Networks , 2006, Science.

[3] Yanbing Liu,et al. Insider Threat Detection with Deep Neural Network , 2018, ICCS.

[4] Jason R. C. Nurse,et al. A New Take on Detecting Insider Threats: Exploring the Use of Hidden Markov Models , 2016, MIST@CCS.

[5] Joshua Glasser,et al. Bridging the Gap: A Pragmatic Approach to Generating Insider Threat Data , 2013, 2013 IEEE Security and Privacy Workshops.

[6] Jun Zhang,et al. Detecting and Preventing Cyber Insider Threats: A Survey , 2018, IEEE Communications Surveys & Tutorials.

[7] Brian Hutchinson,et al. Deep Learning for Unsupervised Insider Threat Detection in Structured Cybersecurity Data Streams , 2017, AAAI Workshops.

[8] Quoc V. Le,et al. Sequence to Sequence Learning with Neural Networks , 2014, NIPS.

[9] Lovekesh Vig,et al. LSTM-based Encoder-Decoder for Multi-sensor Anomaly Detection , 2016, ArXiv.