TS-AUBD: A Novel Two-Stage Method for Abnormal User Behavior Detection

  • Conference paper
  • Web and Big Data (APWeb-WAIM 2024)

Abstract

Malicious insider attacks are among the most destructive threats to enterprises. Solving the insider threat problem involves several challenges, including data imbalance and the detection of anomalous behavior. This paper presents TS-AUBD, a two-stage method for abnormal user behavior detection. TS-AUBD consists of coarse-grained and fine-grained user-level models. It can not only detect abnormal behaviors and abnormal users effectively but also analyze the abnormal behaviors exhibited by each abnormal user. Experiments were conducted on the publicly available standard dataset CERT R4.2. Results show that TS-AUBD outperforms the baseline model, with an accuracy of up to 99.9% for behavior detection and 99.8% for user detection.

Acknowledgments

This work was supported in part by the Shenzhen Science and Technology Program (No. KJZD20231023094701003), the Major Key Project of PCL (Grant No. PCL2023A07-4), and the National Natural Science Foundation of China (Grant No. 62372137).

Author information

Corresponding author

Correspondence to Zhaoquan Gu.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Cao, Y., Chen, Y., Wang, Y., Hu, N., Gu, Z., Jia, Y. (2024). TS-AUBD: A Novel Two-Stage Method for Abnormal User Behavior Detection. In: Zhang, W., Tung, A., Zheng, Z., Yang, Z., Wang, X., Guo, H. (eds) Web and Big Data. APWeb-WAIM 2024. Lecture Notes in Computer Science, vol 14965. Springer, Singapore. https://doi.org/10.1007/978-981-97-7244-5_2

  • DOI: https://doi.org/10.1007/978-981-97-7244-5_2

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-7243-8

  • Online ISBN: 978-981-97-7244-5

  • eBook Packages: Computer Science, Computer Science (R0)