Detecting Insider Threat from Behavioral Logs Based on Ensemble and Self-Supervised Learning
Recent studies have highlighted that insider threats are more destructive than external network threats. Despite much research on the topic, the spatial heterogeneity and sample imbalance of input features still limit the effectiveness of existing machine learning-based detection methods. To solve this problem, we propose a supervised insider threat detection method based on ensemble learning and self-supervised learning. Moreover, we propose an entity representation method based on TF-IDF to improve detection performance. Experimental results show that the proposed method can effectively detect malicious sessions in the CERT4.2 and CERT6.2 datasets, where the AUCs are 99.2% and 95.3% in the best case.