Abstract
Insider threats involving authorised individuals exploiting their access privileges within an organisation can yield substantial damage compared to external threats. Conventional detection approaches analyse user behaviours from logs, using binary classifiers to distinguish between malicious and non-malicious users. However, existing methods focus solely on standalone or sequential activities. To enhance the detection of malicious insiders, we propose a novel approach: bilateral insider threat detection combining RNNs to incorporate standalone and sequential activities. Initially, we extract behavioural traits from log files representing standalone activities. Subsequently, RNN models capture features of sequential activities. Concatenating these features, we employ binary classification to detect insider threats effectively. Experiments on the CERT 4.2 dataset showcase the approach’s superiority, significantly enhancing insider threat detection using features from both standalone and sequential activities.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Al-Mhiqani, M.N., et al.: A new intelligent multilayer framework for insider threat detection. Comput. Electr. Eng. 97, 107597 (2022)
Böse, B., Avasarala, B., Tirthapura, S., Chung, Y.Y., Steiner, D.: Detecting insider threats using radish: a system for real-time anomaly detection in heterogeneous data streams. IEEE Syst. J. 11(2), 471–482 (2017)
Deloitte: Impact of COVID-19 on cybersecurity (2023). https://www2.deloitte.com/ch/en/pages/risk/articles/impact-covid-cybersecurity.html
Fatima, M., Rehman, O., Rahman, I.M.: Impact of features reduction on machine learning based intrusion detection systems. EAI Endors. Trans. Scalable Inf. Syst. 9(6), e9 (2022)
Ge, Y.F., Orlowska, M., Cao, J., Wang, H., Zhang, Y.: MDDE: multitasking distributed differential evolution for privacy-preserving database fragmentation. VLDB J. 31(5), 957–975 (2022)
Ge, Y.F., Wang, H., Cao, J., Zhang, Y.: An information-driven genetic algorithm for privacy-preserving data publishing. In: Chbeir, R., Huang, H., Silvestri, F., Manolopoulos, Y., Zhang, Y. (eds.) WISE 2022. LNCS, vol. 13724, pp. 340–354. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-20891-1_24
Glasser, J., Lindauer, B.: Bridging the gap: a pragmatic approach to generating insider threat data. In: 2013 IEEE Security and Privacy Workshops, pp. 98–104. IEEE (2013)
Hong, W., Yin, J., You, M., Wang, H., Cao, J., Li, J., Liu, M.: Graph intelligence enhanced bi-channel insider threat detection. In: Yuan, X., Bai, G., Alcaraz, C., Majumdar, S. (eds.) NSS 2022. LNCS, vol. 13787, pp. 86–102. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-23020-2_5
Hong, W., et al.: A graph empowered insider threat detection framework based on daily activities. ISA Trans. (2023, in press). https://doi.org/10.1016/j.isatra.2023.06.030
Le, D.C., Zincir-Heywood, N., Heywood, M.I.: Analyzing data granularity levels for insider threat detection using machine learning. IEEE Trans. Netw. Serv. Manage. 17(1), 30–44 (2020). https://doi.org/10.1109/TNSM.2020.2967721
Lu, J., Wong, R.K.: Insider threat detection with long short-term memory. In: Proceedings of the Australasian Computer Science Week Multiconference, pp. 1–10 (2019)
Meng, F., Lou, F., Fu, Y., Tian, Z.: Deep learning based attribute classification insider threat detection for data security. In: 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC), pp. 576–581. IEEE (2018)
Patil, D.R., Pattewar, T.M.: Majority voting and feature selection based network intrusion detection system. EAI Endors. Trans. Scalable Inf. Syst. 9(6), e6–e6 (2022)
Sarki, R., Ahmed, K., Wang, H., Zhang, Y., Wang, K.: Convolutional neural network for multi-class classification of diabetic eye disease. EAI Endors. Trans. Scalable Inf. Syst. 9(4), e5–e5 (2022)
Shalini, R., Manoharan, R.: Trust model for effective consensus in blockchain. EAI Endors. Trans. Scalable Inf. Syst. 9(5), 1–8 (2022). https://doi.org/10.4108/eai.1-2-2022.173294
Sharma, B., Pokharel, P., Joshi, B.: User behavior analytics for anomaly detection using LSTM autoencoder-insider threat detection. In: Proceedings of the 11th International Conference on Advances in Information Technology, pp. 1–9 (2020)
Sherstinsky, A.: Fundamentals of recurrent neural network (RNN) and long short-term memory (LSTM) network. Phys. D 404, 132306 (2020)
Singh, R., et al.: Antisocial behavior identification from twitter feeds using traditional machine learning algorithms and deep learning. EAI Endors. Trans. Scalable Inf. Syst. 10(4), e17–e17 (2023)
Sun, X., Wang, H., Li, J., Zhang, Y.: Satisfying privacy requirements before data anonymization. Comput. J. 55(4), 422–437 (2012). https://doi.org/10.1093/comjnl/bxr028
Tuor, A., Kaplan, S., Hutchinson, B., Nichols, N., Robinson, S.: Deep learning for unsupervised insider threat detection in structured cybersecurity data streams. arXiv preprint arXiv:1710.00811 (2017)
Venkateswaran, N., Prabaharan, S.P.: An efficient neuro deep learning intrusion detection system for mobile adhoc networks. EAI Endors. Trans. Scalable Inf. Syst. 9(6), e7 (2022)
Wang, H., Yi, X., Bertino, E., Sun, L.: Protecting outsourced data in cloud computing through access management. Concurr. Comput.: Pract. Exp. 28 (2014). https://doi.org/10.1002/cpe.3286
Yin, J., Tang, M.J., Cao, J., Wang, H., You, M., Lin, Y.: Adaptive online learning for vulnerability exploitation time prediction. In: Huang, Z., Beek, W., Wang, H., Zhou, R., Zhang, Y. (eds.) WISE 2020, Part II. LNCS, vol. 12343, pp. 252–266. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-62008-0_18
Yin, J., Tang, M., Cao, J., You, M., Wang, H.: Cybersecurity applications in software: data-driven software vulnerability assessment and management. In: Daimi, K., Alsadoon, A., Peoples, C., El Madhoun, N. (eds.) Emerging Trends in Cybersecurity Applications, pp. 371–389. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-09640-2_17
Yin, J., You, M., Cao, J., Wang, H., Tang, M.J., Ge, Y.-F.: Data-driven hierarchical neural network modeling for high-pressure feedwater heater group. In: Borovica-Gajic, R., Qi, J., Wang, W. (eds.) ADC 2020. LNCS, vol. 12008, pp. 225–233. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-39469-1_19
You, M., Yin, J., Wang, H., Cao, J., Miao, Y.: A minority class boosted framework for adaptive access control decision-making. In: Zhang, W., Zou, L., Maamar, Z., Chen, L. (eds.) WISE 2021. LNCS, vol. 13080, pp. 143–157. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90888-1_12
You, M., et al.: A knowledge graph empowered online learning framework for access control decision-making. World Wide Web 26(2), 827–848 (2023)
Yuan, F., Cao, Y., Shang, Y., Liu, Y., Tan, J., Fang, B.: Insider threat detection with deep neural network. In: Shi, Y., Fu, H., Tian, Y., Krzhizhanovskaya, V.V., Lees, M.H., Dongarra, J., Sloot, P.M.A. (eds.) ICCS 2018, Part I. LNCS, vol. 10860, pp. 43–54. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93698-7_4
Yuan, S., Wu, X.: Deep learning for insider threat detection: review, challenges and opportunities. Comput. Secur. 104, 102221 (2021)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Manoharan, P., Hong, W., Yin, J., Zhang, Y., Ye, W., Ma, J. (2023). Bilateral Insider Threat Detection: Harnessing Standalone and Sequential Activities with Recurrent Neural Networks. In: Zhang, F., Wang, H., Barhamgi, M., Chen, L., Zhou, R. (eds) Web Information Systems Engineering – WISE 2023. WISE 2023. Lecture Notes in Computer Science, vol 14306. Springer, Singapore. https://doi.org/10.1007/978-981-99-7254-8_14
Download citation
DOI: https://doi.org/10.1007/978-981-99-7254-8_14
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-7253-1
Online ISBN: 978-981-99-7254-8
eBook Packages: Computer ScienceComputer Science (R0)