Abstract
Insider threat detection is a major challenge for organizational security. Insiders are employees or other legitimate users of an organization who threaten it by performing malicious activity. Existing detection methods rely on psycho-physiological factors, statistical analysis, machine learning or deep learning; because they depend on predefined rules or stored signatures, they fail to detect new or unknown attacks. To overcome some of these limitations, we propose a behaviour-based insider threat detection method. Behaviour is characterized by user activity: logon and logoff, device connect and disconnect, file access, HTTP URL requests and email activity. Isometric Feature Mapping (ISOMAP) is used for feature extraction and the Emperor Penguin Optimizer algorithm for optimal feature selection. The features are time-based (the time at which a particular activity is performed) and frequency-based (the number of times a particular activity is performed). Finally, a multi-fuzzy classifier with three inference engines, F1, F2 and F3, classifies users as normal or malicious. The method is evaluated on the CMU-CERT insider threat dataset and outperforms existing methods on accuracy, precision, recall, F-measure and AUC-ROC, a significant improvement in insider threat detection.
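The abstract describes the feature side of the method (time-based and frequency-based features per user, derived from logon, device and file logs) but not how such features are built from the raw CMU-CERT records. The following is an added example, not the chapter's code: it parses a few constructed rows in the CERT r4.2 CSV layout (id,date,user,pc,activity, with file.csv carrying filename instead of activity; dates as MM/DD/YYYY HH:MM:SS), aggregates them into per-user-day counts and time features, and scores each user-day with three simple fuzzy rules combined by max. The CSV layout, the 07:00 to 18:59 business-hours window, the rule thresholds and the user/PC identifiers are all assumptions made here; the chapter's actual F1/F2/F3 rule bases, ISOMAP step and Emperor Penguin feature selection are not reproduced.

```python
"""Per-user-day behaviour features from CMU-CERT-style logs plus an illustrative
fuzzy score.  Added example, not the chapter's code; the CSV layout, business
hours and membership-function shapes are assumptions."""
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample rows in the assumed logon.csv / device.csv / file.csv layout.
LOGON_CSV = """id,date,user,pc,activity
{A1},01/06/2010 08:02:11,ACM2278,PC-1234,Logon
{A2},01/06/2010 17:31:40,ACM2278,PC-1234,Logoff
{A3},01/06/2010 23:12:05,DNS1758,PC-5566,Logon
{A4},01/07/2010 02:40:19,DNS1758,PC-5566,Logoff
"""
DEVICE_CSV = """id,date,user,pc,activity
{B1},01/06/2010 09:15:02,ACM2278,PC-1234,Connect
{B2},01/06/2010 09:40:55,ACM2278,PC-1234,Disconnect
{B3},01/06/2010 23:20:33,DNS1758,PC-5566,Connect
{B4},01/06/2010 23:21:10,DNS1758,PC-5566,Disconnect
{B5},01/06/2010 23:25:41,DNS1758,PC-5566,Connect
"""
FILE_CSV = """id,date,user,pc,filename
{C1},01/06/2010 10:05:00,ACM2278,PC-1234,report.docx
{C2},01/06/2010 23:30:12,DNS1758,PC-5566,payroll.xlsx
{C3},01/06/2010 23:31:02,DNS1758,PC-5566,customers.csv
{C4},01/06/2010 23:32:44,DNS1758,PC-5566,ssh-keys.zip
"""

BUSINESS_HOURS = range(7, 19)  # assumption: 07:00-18:59 is normal working time


def parse(csv_text, kind, default_activity):
    """Yield (user, timestamp, kind, activity) tuples from one CERT-style CSV."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        ts = datetime.strptime(row["date"], "%m/%d/%Y %H:%M:%S")
        activity = (row.get("activity") or default_activity).lower()
        yield row["user"], ts, kind, activity


def load_sample():
    """All constructed events, oldest first."""
    events = list(parse(LOGON_CSV, "logon", "logon"))
    events += parse(DEVICE_CSV, "device", "connect")
    events += parse(FILE_CSV, "file", "access")  # file.csv has no activity column
    return sorted(events, key=lambda e: e[1])


def extract_features(events):
    """Frequency features (counts per activity) and time features (first/last
    activity hour, after-hours ratio), keyed by (user, ISO date)."""
    feats = defaultdict(lambda: defaultdict(float))
    for user, ts, kind, activity in events:
        f = feats[(user, ts.date().isoformat())]
        f[f"n_{kind}_{activity}"] += 1  # e.g. n_device_connect, n_file_access
        f["n_events"] += 1
        if ts.hour not in BUSINESS_HOURS:
            f["n_after_hours"] += 1
        hour = ts.hour + ts.minute / 60
        f["first_hour"] = min(f.get("first_hour", 24.0), hour)
        f["last_hour"] = max(f.get("last_hour", 0.0), hour)
    for f in feats.values():
        f["after_hours_ratio"] = f["n_after_hours"] / f["n_events"]
    return {key: dict(f) for key, f in feats.items()}


def ramp(x, lo, hi):
    """Linear membership: 0 at or below lo, 1 at or above hi."""
    if x <= lo:
        return 0.0
    if x >= hi:
        return 1.0
    return (x - lo) / (hi - lo)


def suspicion(f):
    """Fuzzy 'malicious' degree in [0, 1]: three stand-in rules (assumed
    thresholds) combined by max, i.e. fuzzy OR."""
    after_hours = ramp(f.get("after_hours_ratio", 0.0), 0.2, 0.8)
    many_devices = ramp(f.get("n_device_connect", 0.0), 1, 3)
    many_files = ramp(f.get("n_file_access", 0.0), 1, 4)
    return max(after_hours, many_devices, many_files)


def classify(feats, threshold=0.5):
    """Label a user-day 'malicious' when its fuzzy degree exceeds the threshold."""
    return {key: ("malicious" if suspicion(f) > threshold else "normal")
            for key, f in feats.items()}


if __name__ == "__main__":
    feats = extract_features(load_sample())
    for key, label in sorted(classify(feats).items()):
        print(key, label, round(suspicion(feats[key]), 2))
```

Note that a logoff after midnight lands on the following day's record, so the 02:40 logoff for DNS1758 produces a separate, one-event user-day; a real feature pipeline would tie a logoff back to its logon session rather than bucket by calendar date.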
References
Insua, D.R., et al.: An Adversarial Risk Analysis Framework for Cybersecurity. Risk Analysis, Wiley Periodicals (2019). arXiv preprint arXiv:1903.07727
Al-mhiqan, M.N., et al.: New insider threat detection method based on recurrent neural networks. 17(3), 1474–1479 (2020)
Lu, J., Wong, R.K.: Insider threat detection with long short-term memory. In: Proceedings of the Australasian Computer Science Week Multiconference, pp. 1–10 (2019)
Yuan, F., Cao, Y., Shang, Y., Liu, Y., Tan, J., Fang, B.: Insider threat detection with deep neural network. In: Shi, Y., et al. (eds.) ICCS 2018. LNCS, vol. 10860, pp. 43–54. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93698-7_4
Yamin, M.M., Katt, B., Sattar, K., Ahmad, M.B.: Implementation of insider threat detection system using honeypot based sensors and threat analytics. In: Arai, K., Bhatia, R. (eds.) FICC 2019. LNNS, vol. 70, pp. 801–829. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-12385-7_56
Almehmadi, A.: Micromovement behavior as an intention detection measurement for preventing insider threats. IEEE Access 6, 40626–40637 (2018)
Chattopadhyay, P., Wang, L., Tan, Y.-P.: Scenario-based insider threat detection from cyber activities. IEEE Trans. Comput. Soc. Syst. 5(3), 660–675 (2018)
Lo, O., Buchanan, W.J., Griffiths, P., Macfarlane, R.: Distance measurement methods for improved insider threat detection. Security and Communication Networks (2018)
Lv, B., Wang, D., Wang, Y., Lv, Q., Lu, D.: A hybrid model based on multi-dimensional features for insider threat detection. In: Chellappan, S., Cheng, W., Li, W. (eds.) WASA 2018. LNCS, vol. 10874, pp. 333–344. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-94268-1_28
Kim, J., Park, M., Kim, H., Cho, S., Kang, P.: Insider threat detection based on user behavior modeling and anomaly detection algorithms. Appl. Sci. 9(19), 4018 (2019)
Böse, B., Avasarala, B., Tirthapura, S., Chung, Y.-Y., Steiner, D.: Detecting insider threats using radish: a system for real-time anomaly detection in heterogeneous data streams. IEEE Syst. J. 11(2), 471–482 (2017)
Legg, P.A., Buckley, O., Goldsmith, M., Creese, S.: Automated insider threat detection system using user and role-based profile assessment. IEEE Syst. J. 11(2), 503–512 (2015)
Singh, M., Mehtre, B.M., Sangeetha, S.: User behavior profiling using ensemble approach for insider threat detection. In: 2019 IEEE 5th International Conference on Identity, Security, and Behavior Analysis (ISBA), pp. 1–8 (2019)
Insider Threat Dataset, Software Engineering Institute, Carnegie Mellon University. https://ftp.sei.cmu.edu/pub/cert-data/
Leslie, N.O., Harang, R.E., Knachel, L.P., Kott, A.: Statistical models for the number of successful cyber intrusions. J. Defen. Model. Simul. 15(1), 49–63 (2018)
Xin, Y., Kong, L., Liu, Z., Chen, Y., Li, Y., Zhu, H., Gao, M., Hou, H., Wang, C.: Machine learning and deep learning methods for cybersecurity. IEEE Access 6, 35365–35381 (2018)
Isometric Feature Mapping. https://en.wikipedia.org/wiki/IsomapAlgorithm/
Iranmanesh, S.M., Mohammadi, M., Akbari, A., Nassersharif, B.: Improving detection rate in intrusion detection systems using FCM clustering to select meaningful landmarks in incremental landmark isomap algorithm. In: Zhou, Q. (ed.) ICTMF 2011. CCIS, vol. 164, pp. 46–53. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24999-0_7
Xu, X., Tao, C.: ISOMAP algorithm-based feature extraction for electromechanical equipment fault prediction. In: IEEE 2nd International Congress on Image and Signal Processing, pp. 1–4 (2009)
Zheng, K., Xu, Q., Yu, Z., Jia, L.: Intrusion detection using ISOMAP and support vector machine. In: IEEE International Conference on Artificial Intelligence and Computational Intelligence, vol. 3, pp. 235–239 (2009)
Dhiman, G., Kumar, V.: Emperor penguin optimizer: a bio-inspired algorithm for engineering problems. Knowl.-Based Syst. 159, 20–50 (2018)
Multi-Fuzzy-Classification. https://en.wikipedia.org/wiki/Fuzzy-classification/
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Singh, M., Mehtre, B.M., Sangeetha, S. (2020). Insider Threat Detection Based on User Behaviour Analysis. In: Bhattacharjee, A., Borgohain, S., Soni, B., Verma, G., Gao, XZ. (eds) Machine Learning, Image Processing, Network Security and Data Sciences. MIND 2020. Communications in Computer and Information Science, vol 1241. Springer, Singapore. https://doi.org/10.1007/978-981-15-6318-8_45
DOI: https://doi.org/10.1007/978-981-15-6318-8_45
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-6317-1
Online ISBN: 978-981-15-6318-8
eBook Packages: Computer Science (R0)