A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations

2020 ◽  
Vol 10 (15) ◽  
pp. 5208
Author(s):  
Mohammed Nasser Al-Mhiqani ◽  
Rabiah Ahmad ◽  
Z. Zainal Abidin ◽  
Warusia Yassin ◽  
Aslinda Hassan ◽  
...  

Insider threat has become a widely accepted issue and one of the major challenges in cybersecurity. This phenomenon indicates that such threats require special detection systems, methods, and tools that facilitate accurate and fast detection of a malicious insider. Several studies on insider threat detection and related areas have been proposed to deal with this issue. Various studies aimed to deepen the conceptual understanding of insider threats. However, there are many limitations, such as a lack of real cases, biases in drawing conclusions (a major concern that remains unclear), and the lack of a study that surveys insider threats from many different perspectives and focuses on their theoretical, technical, and statistical aspects. This survey aims to present a taxonomy of contemporary insider types, access, level, motivation, insider profiling, affected security property, and methods used by attackers to conduct attacks, together with a review of notable recent works on insider threat detection, covering the analyzed behaviors, machine-learning techniques, datasets, detection methodology, and evaluation metrics. Several real cases of insider threats have been analyzed to provide statistical information about insiders. In addition, this survey highlights the challenges faced by other researchers and provides recommendations to minimize obstacles.

Entropy ◽  
2021 ◽  
Vol 23 (10) ◽  
pp. 1258
Author(s):  
Taher Al-Shehari ◽  
Rakan A. Alsowail

Insider threats are malicious acts that can be carried out by an authorized employee within an organization. Insider threats represent a major cybersecurity challenge for private and public organizations, as an insider attack can cause far more extensive damage to organization assets than external attacks. Most existing approaches in the field of insider threat have focused on detecting general insider attack scenarios. However, insider attacks can be carried out in different ways, and the most dangerous one is a data leakage attack that can be executed by a malicious insider before leaving an organization. This paper proposes a machine learning-based model for detecting such serious insider threat incidents. The proposed model addresses the possible bias of detection results that can occur due to an inappropriate encoding process by employing feature scaling and one-hot encoding techniques. Furthermore, the imbalance issue of the utilized dataset is also addressed using the synthetic minority oversampling technique (SMOTE). Well-known machine learning algorithms are employed to find the most accurate classifier that can detect data leakage events executed by malicious insiders during the sensitive period before they leave an organization. We provide a proof of concept for our model by applying it to the CMU-CERT Insider Threat Dataset and comparing its performance with the ground truth. The experimental results show that our model detects insider data leakage events with an AUC-ROC value of 0.99, outperforming the existing approaches that are validated on the same dataset. The proposed model provides effective methods to address possible bias and class imbalance issues with the aim of devising an effective insider data leakage detection system.


2021 ◽  
Vol 2113 (1) ◽  
pp. 012074
Author(s):  
Qiwei Ke

Abstract: The volume of data has rocketed since the arrival of the new information era. How to protect information privacy and detect the threat whenever an intrusion happens has become a hot topic. In this essay, we look into the latest machine learning techniques (including deep learning) that are applicable to intrusion detection, malware detection, and vulnerability detection, and the comparison between the traditional methods and the novel methods is demonstrated in detail. Specifically, we examine the whole experiment process of representative examples from recent research projects to give a better insight into how the models function and cooperate. In addition, some potential problems and improvements are illustrated at the end of each section.


Author(s):  
Niddal Imam ◽  
Biju Issac ◽  
Seibu Mary Jacob

Twitter has changed the way people get information by allowing them to express their opinions and comments in daily tweets. Unfortunately, due to the high popularity of Twitter, it has become very attractive to spammers. Unlike other types of spam, Twitter spam has become a serious issue only in the last few years. The large number of users and the high amount of information being shared on Twitter play an important role in accelerating the spread of spam. In order to protect users, Twitter and the research community have been developing different spam detection systems by applying different machine-learning techniques. However, a recent study showed that the current machine learning-based detection systems are not able to detect spam accurately because spam tweet characteristics vary over time. This issue is called "Twitter Spam Drift". In this paper, a semi-supervised learning approach (SSLA) is proposed to tackle this. The new approach uses the unlabeled data to learn the structure of the domain. Different experiments were performed on English and Arabic datasets to test and evaluate the proposed approach, and the results show that the proposed SSLA can reduce the effect of Twitter spam drift and outperform the existing techniques.


2020 ◽  
Vol 10 (2) ◽  
pp. 1-26
Author(s):  
Naghmeh Moradpoor Sheykhkanloo ◽  
Adam Hall

An insider threat can take on many forms and fall under different categories. These include the malicious insider, the careless/unaware/uneducated/naïve employee, and the third-party contractor. Machine learning techniques have been studied in the published literature as a promising solution for such threats. However, they can be biased and/or inaccurate when the associated dataset is hugely imbalanced. Therefore, this article addresses insider threat detection on an extremely imbalanced dataset, employing a popular balancing technique known as spread subsample. The results show that although balancing the dataset using this technique did not improve performance metrics, it did improve the time taken to build the model and the time taken to test the model. Additionally, the authors realised that running the chosen classifiers with parameters other than the default ones has an impact on both balanced and imbalanced scenarios, but the impact is significantly stronger when using the imbalanced dataset.


2019 ◽  
Author(s):  
Abhishek Verma ◽  
Virender Ranga

In the era of the digital revolution, a huge amount of data is being generated from different networks on a daily basis. Security of this data is of utmost importance. Intrusion Detection Systems are found to be one of the best solutions for detecting intrusions. Network Intrusion Detection Systems are employed as a defence system to secure networks. Various techniques for the effective development of these defence systems have been proposed in the literature. However, research on the development of datasets used for training and testing such defence systems is of equal concern. Better datasets improve the online and offline intrusion detection capability of a detection model. Benchmark datasets like KDD 99 and NSL-KDD cup 99 are obsolete and do not contain network traces of modern attacks like Denial of Service, and hence are unsuitable for evaluation purposes. In this work, a detailed analysis of the CIDDS-001 dataset has been done and presented. We have used different well-known machine learning techniques for analysing the complexity of the dataset. Prominent evaluation metrics, including Detection Rate, Accuracy, False Positive Rate, Kappa statistic, and Root Mean Squared Error, have been used to show the performance of the employed machine learning techniques.


2021 ◽  
Vol 13 (6) ◽  
pp. 0-0

Network Proxies and Virtual Private Networks (VPN) are tools that are used every day to facilitate various business functions. However, they have gained popularity amongst unintended user bases as tools that can be used to hide or mask identities while using websites and web services. Anonymising Proxies and/or VPNs act as an intermediary between a user and a web server, with a Proxy and/or VPN IP address taking the place of the user's IP address that is forwarded to the web server. This paper presents computational models based on intelligent machine learning techniques to address the limitations currently experienced by unauthorised user detection systems. A model to detect usage of anonymising proxies was developed using a Multi-layered Perceptron neural network that was trained using data found in the Transmission Control Protocol (TCP) header of captured network packets