
Bilateral Insider Threat Detection: Harnessing Standalone and Sequential Activities with Recurrent Neural Networks

  • Conference paper
  • Published in: Web Information Systems Engineering – WISE 2023 (WISE 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14306))


Abstract

Insider threats involving authorised individuals exploiting their access privileges within an organisation can yield substantial damage compared to external threats. Conventional detection approaches analyse user behaviours from logs, using binary classifiers to distinguish between malicious and non-malicious users. However, existing methods focus solely on standalone or sequential activities. To enhance the detection of malicious insiders, we propose a novel approach: bilateral insider threat detection combining RNNs to incorporate standalone and sequential activities. Initially, we extract behavioural traits from log files representing standalone activities. Subsequently, RNN models capture features of sequential activities. Concatenating these features, we employ binary classification to detect insider threats effectively. Experiments on the CERT 4.2 dataset showcase the approach’s superiority, significantly enhancing insider threat detection using features from both standalone and sequential activities.
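The pipeline the abstract describes (standalone traits from log records, a sequence feature from an RNN, the two concatenated into one vector for a binary classifier) is easier to see in code. The block below is an added illustration, not the authors' implementation: the comma-separated log format, the activity vocabulary, the business-hours window and the hand-written untrained Elman RNN are all assumptions made for the example, and the log lines are constructed rather than taken from CERT 4.2. It also shows why the two feature families are complementary: two users who perform the same activities in a different order get identical standalone features but different sequential features.

```python
import math
import random
from collections import Counter, defaultdict
from datetime import datetime

# Constructed CERT-style audit lines (hypothetical, not from the CERT 4.2 dataset):
# timestamp,user,activity,detail
SAMPLE_LOG = """\
2023-03-01 08:55:00,U1,logon,PC-1
2023-03-01 09:10:00,U1,http,intranet.example
2023-03-01 17:30:00,U1,logoff,PC-1
2023-03-01 22:10:00,U2,logon,PC-2
2023-03-01 22:15:00,U2,device_connect,USB
2023-03-01 22:40:00,U2,file_copy,report.pdf
2023-03-01 23:05:00,U2,device_disconnect,USB
2023-03-01 23:10:00,U2,logoff,PC-2
"""

# Activity vocabulary (assumed); each activity type is one token for the RNN
ACTIVITIES = ["logon", "logoff", "http", "email",
              "device_connect", "device_disconnect", "file_copy"]
ACT_INDEX = {name: i for i, name in enumerate(ACTIVITIES)}
BUSINESS_HOURS = range(7, 19)  # 07:00-18:59 counts as in-hours (assumption)


def parse_log(text):
    """Group log lines per user, ordered by time: {user: [(datetime, activity), ...]}."""
    per_user = defaultdict(list)
    for line in text.strip().splitlines():
        ts, user, activity, _detail = line.split(",", 3)
        per_user[user].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), activity))
    for events in per_user.values():
        events.sort()
    return dict(per_user)


def standalone_features(events):
    """Order-free traits: one count per activity type plus an after-hours event count."""
    counts = Counter(activity for _, activity in events)
    feats = [counts[name] for name in ACTIVITIES]
    feats.append(sum(1 for ts, _ in events if ts.hour not in BUSINESS_HOURS))
    return feats


class ElmanRNN:
    """Minimal recurrent encoder with fixed pseudo-random weights (untrained; it stands in
    for the trained RNN of the paper). The final hidden state is the sequence feature."""

    def __init__(self, n_inputs, n_hidden, seed=0):
        rng = random.Random(seed)
        self.n_hidden = n_hidden
        self.w_in = [[rng.uniform(-0.5, 0.5) for _ in range(n_inputs)] for _ in range(n_hidden)]
        self.w_rec = [[rng.uniform(-0.5, 0.5) for _ in range(n_hidden)] for _ in range(n_hidden)]

    def encode(self, token_ids):
        h = [0.0] * self.n_hidden
        for tok in token_ids:
            # h_t = tanh(W_in * onehot(tok) + W_rec * h_{t-1}); the one-hot input selects column tok
            h = [math.tanh(self.w_in[j][tok]
                           + sum(self.w_rec[j][k] * h[k] for k in range(self.n_hidden)))
                 for j in range(self.n_hidden)]
        return h


def sequential_features(events, rnn):
    """Order-aware traits: encode the user's chronological activity sequence with the RNN."""
    return rnn.encode([ACT_INDEX[activity] for _, activity in events])


def bilateral_features(events, rnn):
    """Concatenate standalone and sequential features into the vector a binary classifier sees."""
    return standalone_features(events) + sequential_features(events, rnn)


def order_matters(rnn):
    """Same activities in a different order: returns (standalone_equal, sequential_equal)."""
    base = datetime(2023, 3, 1, 9, 0, 0)
    a = [(base, "logon"), (base.replace(hour=10), "device_connect"), (base.replace(hour=11), "file_copy")]
    b = [(base, "logon"), (base.replace(hour=10), "file_copy"), (base.replace(hour=11), "device_connect")]
    return (standalone_features(a) == standalone_features(b),
            sequential_features(a, rnn) == sequential_features(b, rnn))


if __name__ == "__main__":
    rnn = ElmanRNN(n_inputs=len(ACTIVITIES), n_hidden=4)
    for user, events in parse_log(SAMPLE_LOG).items():
        print(user, [round(v, 3) for v in bilateral_features(events, rnn)])
    print("order_matters (standalone_equal, sequential_equal):", order_matters(rnn))
```

In a real deployment the standalone feature set would be far richer and the RNN weights would be learned jointly with the classifier; what carries over from this sketch is the shape of the bilateral vector (aggregate counts followed by the RNN hidden state) and the fact that the after-hours USB session of `U2` is visible in both halves, through the after-hours count and through the connect/copy/disconnect order.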


Notes

  1. https://www.cybersecurity-insiders.com/portfolio/2023-insider-threat-report-gurucul/


Author information

Corresponding author: Jiao Yin.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper


Cite this paper

Manoharan, P., Hong, W., Yin, J., Zhang, Y., Ye, W., Ma, J. (2023). Bilateral Insider Threat Detection: Harnessing Standalone and Sequential Activities with Recurrent Neural Networks. In: Zhang, F., Wang, H., Barhamgi, M., Chen, L., Zhou, R. (eds) Web Information Systems Engineering – WISE 2023. WISE 2023. Lecture Notes in Computer Science, vol 14306. Springer, Singapore. https://doi.org/10.1007/978-981-99-7254-8_14


  • DOI: https://doi.org/10.1007/978-981-99-7254-8_14


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-7253-1

  • Online ISBN: 978-981-99-7254-8

  • eBook Packages: Computer Science (R0)
