Insider Threat Detection Using Multi-autoencoder Filtering and Unsupervised Learning

Wei, Yichen; Chow, Kam-Pui; Yiu, Siu-Ming

doi:10.1007/978-3-030-56223-6_15

Cited by 3 publications

(2 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Wei et al [7] apply an unsupervised deep learning framework together with an unsupervised multi-autoencoder to detect insider threats. For this purpose, the authors analyze system logs.…”

Section: Related Workmentioning

confidence: 99%

Improving Data Generalization With Variational Autoencoders for Network Traffic Anomaly Detection

et al. 2021

View full text Add to dashboard Cite

Deep generative models have increasingly become popular in different domains such as image processing, though, they hardly appear in the cybersecurity arena. While the main application of these models is dimensionality reduction, marginally they have been utilized for overcoming challenges such as data generalization and overfitting issues inherited from feature selection methods. To solve the mentioned challenges, we propose a combined architecture comprising a Conditional Variational AutoEncoder (CVAE) and a Random Forest (RF) classifier to automatically learn similarity among input features, provide data distribution in order to extract discriminative features from original features, and finally classify various types of attacks. CVAE introduces the labels of traffic packets into a latent space in order to better learn the changes of input samples and distinguish the data characteristics of each class. It avoids the confusion between classes while learning the whole data distribution. Compared with feature selection mechanisms such as Support Vector Machine Online (SVMo) by considering various evaluation metrics, the proposed architecture demonstrates considerable improvement in terms of performance. To verify the versatility of the proposed architecture, two publicly available datasets have been used in experiments.

show abstract

“…Wei et al [7] apply an unsupervised deep learning framework together with an unsupervised multi-autoencoder to detect insider threats. For this purpose, the authors analyze system logs.…”

Section: Related Workmentioning

confidence: 99%

Improving Data Generalization With Variational Autoencoders for Network Traffic Anomaly Detection

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Al-Duwairi et al [5] proposed a LogDos method, which can filter GET-based message log records and remove data packets from malicious hosts. Wei et al [6] used unsupervised multi-autoencoders to analyze system log files, filter abnormal data in log records, detect threatened data. Vidgof et al [7] developed and evaluated an interactive log-delta analysis technology in which analysts can interactively define the filtering range for log filtering.…”

Section: Introductionmentioning

confidence: 99%

Log filtering method based on user behaviors

Tang

Pan

2022

J. Phys.: Conf. Ser.

View full text Add to dashboard Cite

In the big data environment, various websites on the Internet have generated more and more user behaviors. Designing a universal log filtering method based on user behaviors is the current research trend. However, the current log filtering technology has disadvantages such as low filtering accuracy and low efficiency. In this paper, we propose a log filtering method based on user behaviors. First, divide user behaviors into multiple sub-behaviors and assign corresponding weights. Obtain and store log information of user behaviors through distributed log collection tools, and the log information of corresponding sub-behaviors below the weight threshold is filtered. Then, the log information of the retained sub-behaviors is processed in parallel through the utility function. The utility function establishes the mapping relationship between user interest degree and sub-behavior indicators. The corresponding log information of the sub-behaviors below the user interest degree threshold is deleted, and the log information of the user’s preferred sub-behaviors is retained, forming an optimized data source for recommendation results, and stored in the data cluster. This method can perform secondary filtering of the massive log information, respond to users’ current requirements and interesting information promptly, improving processing efficiency.

show abstract