scholarly journals Insider Threat Detection Based on NLP Word Embedding and Machine Learning

2022 ◽  
Vol 33 (1) ◽  
pp. 619-635
Author(s):  
Mohd Anul Haq ◽  
Mohd Abdul Rahim Khan ◽  
Mohammed Alshehri
Keyword(s):  
Machine Learning ◽  
Word Embedding ◽  
Insider Threat ◽  
Threat Detection

scholarly journals A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations

2020 ◽  
Vol 10 (15) ◽  
pp. 5208
Author(s):  
Mohammed Nasser Al-Mhiqani ◽  
Rabiah Ahmad ◽  
Z. Zainal Abidin ◽  
Warusia Yassin ◽  
Aslinda Hassan ◽  
...  
Keyword(s):  
Machine Learning ◽  
Conceptual Understanding ◽  
Machine Learning Techniques ◽  
Insider Threat ◽  
Threat Detection ◽  
Insider Threats ◽  
Fast Detection ◽  
Detection Systems ◽  
Learning Techniques ◽  
Security Property

Insider threat has become a widely accepted issue and one of the major challenges in cybersecurity. This phenomenon indicates that threats require special detection systems, methods, and tools, which entail the ability to facilitate accurate and fast detection of a malicious insider. Several studies on insider threat detection and related areas in dealing with this issue have been proposed. Various studies aimed to deepen the conceptual understanding of insider threats. However, there are many limitations, such as a lack of real cases, biases in making conclusions, which are a major concern and remain unclear, and the lack of a study that surveys insider threats from many different perspectives and focuses on the theoretical, technical, and statistical aspects of insider threats. The survey aims to present a taxonomy of contemporary insider types, access, level, motivation, insider profiling, effect security property, and methods used by attackers to conduct attacks and a review of notable recent works on insider threat detection, which covers the analyzed behaviors, machine-learning techniques, dataset, detection methodology, and evaluation metrics. Several real cases of insider threats have been analyzed to provide statistical information about insiders. In addition, this survey highlights the challenges faced by other researchers and provides recommendations to minimize obstacles.

Insider Threat Detection Using Supervised Machine Learning Algorithms on an Extremely Imbalanced Dataset

2020 ◽  
Vol 10 (2) ◽  
pp. 1-26
Author(s):  
Naghmeh Moradpoor Sheykhkanloo ◽  
Adam Hall
Keyword(s):  
Machine Learning ◽  
Performance Metrics ◽  
Machine Learning Algorithms ◽  
Third Party ◽  
Supervised Machine Learning ◽  
Machine Learning Techniques ◽  
Insider Threat ◽  
Threat Detection ◽  
Imbalanced Dataset ◽  
The Impact

An insider threat can take on many forms and fall under different categories. This includes malicious insider, careless/unaware/uneducated/naïve employee, and the third-party contractor. Machine learning techniques have been studied in published literature as a promising solution for such threats. However, they can be biased and/or inaccurate when the associated dataset is hugely imbalanced. Therefore, this article addresses the insider threat detection on an extremely imbalanced dataset which includes employing a popular balancing technique known as spread subsample. The results show that although balancing the dataset using this technique did not improve performance metrics, it did improve the time taken to build the model and the time taken to test the model. Additionally, the authors realised that running the chosen classifiers with parameters other than the default ones has an impact on both balanced and imbalanced scenarios, but the impact is significantly stronger when using the imbalanced dataset.

scholarly journals Detecting Insider Threat from Behavioral Logs Based on Ensemble and Self-Supervised Learning

2021 ◽  
Vol 2021 ◽  
pp. 1-11
Author(s):  
Chunrui Zhang ◽  
Shen Wang ◽  
Dechen Zhan ◽  
Tingyue Yu ◽  
Tiangang Wang ◽  
...  
Keyword(s):  
Machine Learning ◽  
Spatial Heterogeneity ◽  
Supervised Learning ◽  
Detection Method ◽  
Detection Methods ◽  
Insider Threat ◽  
Threat Detection ◽  
Insider Threats ◽  
Representation Method ◽  
Detection Effect

Recent studies have highlighted that insider threats are more destructive than external network threats. Despite many research studies on this, the spatial heterogeneity and sample imbalance of input features still limit the effectiveness of existing machine learning-based detection methods. To solve this problem, we proposed a supervised insider threat detection method based on ensemble learning and self-supervised learning. Moreover, we propose an entity representation method based on TF-IDF to improve the detection effect. Experimental results show that the proposed method can effectively detect malicious sessions in CERT4.2 and CERT6.2 datasets, where the AUCs are 99.2% and 95.3% in the best case.

Sign in / Sign up

Export Citation Format

Share Document