
A Study on Historical Behaviour Enabled Insider Threat Prediction

  • Conference paper
  • In: Web and Big Data (APWeb-WAIM 2023)

Abstract

Insider threats have been among the major challenges in cybersecurity in recent years, since they come from authorized individuals and usually cause significant losses once they succeed. Researchers have tried to address this problem by discovering malicious activities that have already happened, which offers little help in preventing those threats. In this paper, we propose a novel problem setting that focuses on predicting whether an individual will be a malicious insider on a future day based on their daily behavioral records from the previous several days, which could assist cybersecurity specialists in allocating managerial resources more effectively. We investigate seven traditional machine learning methods and two deep learning methods, evaluating their performance on the CERT-r4.2 dataset for this specific task. Results show that the random forest algorithm tops the ranking with f1 = 0.8447 in the best case, and that deep learning models are not necessarily better than machine learning models for this specific problem setting. Further study shows that historical records from roughly the previous four days offer the most predictive power compared with other window lengths. We publish our code on GitHub: https://github.com/mybingxf/insider-threat-prediction.
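The problem setting described in the abstract, as an added example that is not part of the paper or its GitHub repository: per-user daily behavioural summaries are turned into samples whose features are the concatenated records of the previous `window` days and whose label is whether the user was malicious on the following day, and a classifier is then scored with the F1 measure. The daily records, the five feature names and the `rule_predict` classifier are all constructed for illustration; the rule is a hypothetical stand-in for the paper's trained models (random forest and the others), so the F1 value it produces says nothing about the paper's results. Windows that would span a missing day in the log are skipped rather than silently misaligned, which is the edge case a practitioner most often gets wrong when building such datasets.

```python
from collections import defaultdict

# Constructed sample data (not from the CERT dataset): one row per user per day,
# assumed to have at most one row per (user, day).
# Daily feature vector: [logons, after_hours_logons, usb_connects, files_copied, email_attachments]
# Label: 1 if the user performed malicious insider activity on that day, else 0.
FEATURE_NAMES = ["logons", "after_hours_logons", "usb_connects", "files_copied", "email_attachments"]

DAILY_RECORDS = [
    # user, day, features, label
    ("u1", 1, [3, 0, 0, 2, 1], 0),
    ("u1", 2, [4, 0, 0, 1, 0], 0),
    ("u1", 3, [3, 0, 0, 3, 2], 0),
    ("u1", 4, [2, 0, 0, 0, 1], 0),
    ("u1", 5, [3, 0, 0, 2, 0], 0),
    ("u1", 6, [4, 0, 0, 1, 1], 0),
    ("u2", 1, [3, 0, 0, 1, 0], 0),
    ("u2", 2, [3, 1, 0, 2, 0], 0),
    ("u2", 3, [4, 1, 1, 5, 1], 0),
    ("u2", 4, [3, 2, 1, 9, 2], 0),
    ("u2", 5, [5, 2, 2, 14, 3], 1),
    ("u2", 6, [2, 1, 1, 3, 0], 1),
    ("u3", 1, [3, 0, 0, 1, 1], 0),
    ("u3", 2, [3, 0, 0, 2, 0], 0),
    ("u3", 3, [3, 0, 0, 1, 0], 0),
    ("u3", 4, [3, 0, 0, 0, 1], 0),
    ("u3", 5, [3, 0, 0, 2, 1], 0),
    ("u3", 7, [3, 0, 0, 1, 0], 0),  # day 6 missing: a gap in the log
]


def build_windowed_samples(records, window):
    """Turn per-day records into next-day prediction samples.

    For each user and each logged day t that is preceded by `window` consecutive
    logged days, the sample's features are the concatenated daily feature vectors
    of days t-window .. t-1 and its label is the label of day t. Windows that
    span a missing day are skipped.
    """
    by_user = defaultdict(list)
    for user, day, feats, label in records:
        by_user[user].append((day, feats, label))
    samples = []
    for user, rows in by_user.items():
        rows.sort(key=lambda r: r[0])
        for i in range(window, len(rows)):
            prev = rows[i - window:i]
            day_t = rows[i][0]
            # With strictly increasing integer days, day_t - first_day == window
            # holds exactly when the previous `window` days are t-window, ..., t-1.
            if day_t - prev[0][0] != window:
                continue
            x = [v for _, feats, _ in prev for v in feats]
            samples.append({"user": user, "day": day_t, "x": x, "y": rows[i][2]})
    return samples


def window_feature_total(x, feature_name, n_features=len(FEATURE_NAMES)):
    """Sum one daily feature across every day in a window feature vector."""
    idx = FEATURE_NAMES.index(feature_name)
    return sum(x[idx::n_features])


def rule_predict(x):
    """Hypothetical hand-written rule standing in for a trained classifier:
    flag a user as a next-day risk when the preceding days show both repeated
    after-hours logons and repeated USB device use."""
    return int(window_feature_total(x, "after_hours_logons") >= 3
               and window_feature_total(x, "usb_connects") >= 3)


def f1_score(y_true, y_pred):
    """F1 for the positive (malicious) class, computed from scratch."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    if tp == 0:
        return 0.0
    precision = tp / (tp + fp)
    recall = tp / (tp + fn)
    return 2 * precision * recall / (precision + recall)


def evaluate(records, window, predict=rule_predict):
    """Build the windowed dataset for one window length and score a predictor on it."""
    samples = build_windowed_samples(records, window)
    y_true = [s["y"] for s in samples]
    y_pred = [predict(s["x"]) for s in samples]
    return {"n_samples": len(samples), "f1": f1_score(y_true, y_pred)}


if __name__ == "__main__":
    # Compare window lengths the way the abstract's "further study" does.
    for w in (2, 3, 4):
        print(f"window={w}: {evaluate(DAILY_RECORDS, w)}")
```

Each window length yields a different number of usable samples (longer windows discard more leading days and more rows around log gaps), so comparisons of F1 across window lengths should also report how many samples each setting was scored on.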




Author information

Corresponding author: Jiao Yin


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.


Cite this paper

Xiao, F., Hong, W., Yin, J., Wang, H., Cao, J., Zhang, Y. (2024). A Study on Historical Behaviour Enabled Insider Threat Prediction. In: Song, X., Feng, R., Chen, Y., Li, J., Min, G. (eds) Web and Big Data. APWeb-WAIM 2023. Lecture Notes in Computer Science, vol 14333. Springer, Singapore. https://doi.org/10.1007/978-981-97-2387-4_31


  • DOI: https://doi.org/10.1007/978-981-97-2387-4_31
  • Publisher Name: Springer, Singapore
  • Print ISBN: 978-981-97-2386-7
  • Online ISBN: 978-981-97-2387-4
  • eBook Packages: Computer Science (R0)
