Abstract
Insider threats have been among the major challenges in cybersecurity in recent years, since they come from authorized individuals and usually cause significant losses once they succeed. Researchers have mostly tried to solve this problem by discovering malicious activities that have already happened, which offers little help in preventing those threats. In this paper, we propose a novel problem setting that focuses on predicting whether an individual will be a malicious insider on a future day based on their daily behavioral records from the previous several days, which could assist cybersecurity specialists in better allocating managerial resources. We investigate seven traditional machine learning methods and two deep learning methods, evaluating their performance on the CERT-r4.2 dataset for this specific task. Results show that the random forest algorithm tops the ranking list with f1 = 0.8447 in the best case, and that deep learning models are not necessarily better than machine learning models for this specific problem setting. Further study shows that the historical records from roughly the previous four days offer the most predictive power compared with other window lengths. We publish our code on GitHub: https://github.com/mybingxf/insider-threat-prediction.
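The problem setting above turns per-user daily activity records into a day-ahead prediction task: the records of the previous k days form the feature vector and the label of the following day is the target, and the window length k is itself a parameter to evaluate. The following is an added illustration of that data construction and of the F1-based comparison of window lengths; it is not the paper's code, does not use the CERT-r4.2 dataset (the records are constructed), and replaces the paper's random forest with a hypothetical hand-written trend rule so that the example runs with no dependencies.

```python
"""Sliding-window dataset construction and window-length comparison for
day-ahead insider-threat prediction (added example, not the paper's code)."""
from collections import defaultdict

# Per-day activity counts, in this order, for every (user, day) record.
FEATURES = ("logon", "after_hours_logon", "usb", "http", "email", "file")

# Constructed sample records, NOT taken from CERT-r4.2:
# (user, day index, counts tuple in FEATURES order, label) with label 1 marking
# a day on which the user carried out a malicious act.
RECORDS = [
    ("u1", 1, (8, 0, 0, 40, 10, 5), 0),
    ("u1", 2, (7, 0, 0, 35, 12, 4), 0),
    ("u1", 3, (9, 1, 1, 50, 9, 20), 0),
    ("u1", 4, (8, 2, 2, 60, 8, 45), 0),
    ("u1", 5, (10, 3, 3, 80, 5, 90), 1),
    ("u1", 6, (8, 0, 0, 38, 11, 6), 0),
    ("u2", 1, (6, 0, 0, 30, 15, 3), 0),
    ("u2", 2, (7, 0, 0, 33, 14, 2), 0),
    ("u2", 3, (6, 0, 0, 31, 16, 4), 0),
    ("u2", 4, (7, 0, 0, 29, 13, 3), 0),
    ("u2", 5, (6, 0, 0, 30, 15, 2), 0),
    ("u2", 6, (8, 0, 1, 34, 12, 5), 0),
]


def build_windows(records, k):
    """Return samples (user, day, x, y): x is the flattened counts of the k
    consecutive days before `day` (oldest first), y is the label of `day`.
    Windows with a gap in the day sequence are skipped."""
    by_user = defaultdict(list)
    for user, day, counts, label in records:
        by_user[user].append((day, counts, label))
    samples = []
    for user, rows in by_user.items():
        rows.sort()
        for i in range(k, len(rows)):
            window = rows[i - k:i]
            consecutive = (window[-1][0] - window[0][0] == k - 1
                           and rows[i][0] - window[-1][0] == 1)
            if not consecutive:
                continue
            x = [c for _, counts, _ in window for c in counts]
            samples.append((user, rows[i][0], x, rows[i][2]))
    return samples


def f1_score(y_true, y_pred):
    """F1 of the positive (malicious) class, computed from scratch."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    if tp == 0:
        return 0.0
    precision, recall = tp / (tp + fp), tp / (tp + fn)
    return 2 * precision * recall / (precision + recall)


def trend_rule(x, ratio=3.0):
    """Hypothetical stand-in for a trained model: flag a window whose last
    day's after-hours logon + USB + file activity grew more than `ratio`
    times over the window's first day. A real system would fit a classifier
    (the paper's best was a random forest) on these windows instead."""
    n = len(FEATURES)
    first, last = x[:n], x[-n:]
    score = lambda day: day[1] + day[2] + day[5]  # after_hours_logon, usb, file
    return 1 if score(last) > ratio * max(score(first), 1) else 0


def evaluate_window_lengths(records, lengths, model=trend_rule):
    """Map each window length k to the F1 the model reaches on its windows."""
    results = {}
    for k in lengths:
        samples = build_windows(records, k)
        y_true = [y for _, _, _, y in samples]
        y_pred = [model(x) for _, _, x, _ in samples]
        results[k] = f1_score(y_true, y_pred)
    return results


if __name__ == "__main__":
    for k, f1 in evaluate_window_lengths(RECORDS, (1, 2, 4)).items():
        print(f"window k={k}: {len(build_windows(RECORDS, k))} samples, f1={f1:.4f}")
```

On the constructed records the one-day and two-day windows give the rule nothing to work with, while the four-day window catches the malicious day but also fires on the day after it, which is exactly the kind of false positive a learned model has to be evaluated against rather than a hand-written threshold.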
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this paper
Xiao, F., Hong, W., Yin, J., Wang, H., Cao, J., Zhang, Y. (2024). A Study on Historical Behaviour Enabled Insider Threat Prediction. In: Song, X., Feng, R., Chen, Y., Li, J., Min, G. (eds) Web and Big Data. APWeb-WAIM 2023. Lecture Notes in Computer Science, vol 14333. Springer, Singapore. https://doi.org/10.1007/978-981-97-2387-4_31
DOI: https://doi.org/10.1007/978-981-97-2387-4_31
Publisher Name: Springer, Singapore
Print ISBN: 978-981-97-2386-7
Online ISBN: 978-981-97-2387-4
eBook Packages: Computer Science, Computer Science (R0)