Insider Threat Detection Based on Deep Belief Network Feature Representation

Lin, Lingli; Zhong, Shangping; Jia, Cunmin; Chen, Kaizhi

doi:10.1109/icgi.2017.37

Cited by 42 publications

(23 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several works use LSTM [14,16] for feature learning, followed by classification algorithms, like CNN. Another approach used deep learning for feature learning and then applied one class SVM [15] for classification. Our proposed approach gave an improved AUC = 97.38 when compared to the method using LSTM [16] gave an AUC = 94.49.…”

Section: Resultsmentioning

confidence: 99%

“…Random Forest with Randomization [13] Random Forest [13] 94.00 90.00 LSTM-RNN [14] 93.85 DBN-OCSVM [15] 87.79 Graph Convolutional Networks [42] 94.50 Proposed Method 96.34…”

Section: Methods Accuracy (%)mentioning

confidence: 99%

“…Lin et al [15] formulated a hybrid method using Deep Belief Networks (DBN) for feature reconstruction, and One Class SVM (OCSVM) for insider threat detection. In the first step, the features were learned using the DBN model.…”

Section: Related Workmentioning

confidence: 99%

“…The dataset comprises of various log files with information regarding the user's logon/logoff details (logon.csv), details of the user browsing history (http.csv), file access patterns (files.csv), external device usage within the organization (device.csv), and email communications sent/received by the user (email.csv). The feature vector is constructed using a frequency-based approach as in Reference [12][13][14][15]18]. Figure 2 depicts how the normalized feature vector is created from log files.…”

Section: Feature Vector Constructionmentioning

confidence: 99%

See 3 more Smart Citations

Image-Based Feature Representation for Insider Threat Classification

2020

View full text Add to dashboard Cite

Cybersecurity attacks can arise from internal and external sources. The attacks perpetrated by internal sources are also referred to as insider threats. These are a cause of serious concern to organizations because of the significant damage that can be inflicted by malicious insiders. In this paper, we propose an approach for insider threat classification which is motivated by the effectiveness of pre-trained deep convolutional neural networks (DCNNs) for image classification. In the proposed approach, we extract features from usage patterns of insiders and represent these features as images. Hence, images are used to represent the resource access patterns of the employees within an organization. After construction of images, we use pre-trained DCNNs for anomaly detection, with the aim to identify malicious insiders. Random under sampling is used for reducing the class imbalance issue. The proposed approach is evaluated using the MobileNetV2, VGG19, and ResNet50 pre-trained models, and a benchmark dataset. Experimental results show that the proposed method is effective and outperforms other state-of-the-art methods.

show abstract

Section: Resultsmentioning

confidence: 99%

“…Random Forest with Randomization [13] Random Forest [13] 94.00 90.00 LSTM-RNN [14] 93.85 DBN-OCSVM [15] 87.79 Graph Convolutional Networks [42] 94.50 Proposed Method 96.34…”

Section: Methods Accuracy (%)mentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Feature Vector Constructionmentioning

confidence: 99%

See 2 more Smart Citations

Image-Based Feature Representation for Insider Threat Classification

2020

View full text Add to dashboard Cite

show abstract

“…Hsieh et al, Isis Rose et al, and Nkosi et al [93][94][95] analyzed active directory services and audit logs using the Markov model, hierarchical task decomposition, and a rule learning algorithm, respectively. The works [96][97][98][99][100][101][102][103][104][105][106][107][108][109] combined and analyzed multiple log features collected from multiple sources, such as email, HTTP, logon, files, and devices to detect insider threats using statistical methods and machine-learning techniques.…”

Section: Cyber Activity Behaviormentioning

confidence: 99%

A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations

et al. 2020

View full text Add to dashboard Cite

Insider threat has become a widely accepted issue and one of the major challenges in cybersecurity. This phenomenon indicates that threats require special detection systems, methods, and tools, which entail the ability to facilitate accurate and fast detection of a malicious insider. Several studies on insider threat detection and related areas in dealing with this issue have been proposed. Various studies aimed to deepen the conceptual understanding of insider threats. However, there are many limitations, such as a lack of real cases, biases in making conclusions, which are a major concern and remain unclear, and the lack of a study that surveys insider threats from many different perspectives and focuses on the theoretical, technical, and statistical aspects of insider threats. The survey aims to present a taxonomy of contemporary insider types, access, level, motivation, insider profiling, effect security property, and methods used by attackers to conduct attacks and a review of notable recent works on insider threat detection, which covers the analyzed behaviors, machine-learning techniques, dataset, detection methodology, and evaluation metrics. Several real cases of insider threats have been analyzed to provide statistical information about insiders. In addition, this survey highlights the challenges faced by other researchers and provides recommendations to minimize obstacles.

show abstract

Contrastive Learning for Insider Threat Detection

Vinay

Yuan

2022

Database Systems for Advanced Applications

View full text Add to dashboard Cite

Insider Threat Detection Based on Deep Belief Network Feature Representation

Cited by 42 publications

References 9 publications

Image-Based Feature Representation for Insider Threat Classification

Image-Based Feature Representation for Insider Threat Classification

A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations

Contrastive Learning for Insider Threat Detection

Contact Info

Product

Resources

About