Analyzing Data Granularity Levels for Insider Threat Detection Using Machine Learning


Abstract:

Malicious insider attacks represent one of the most damaging threats to networked systems of companies and government agencies. There is a unique set of challenges that come with insider threat detection in terms of hugely unbalanced data, limited ground truth, as well as behaviour drifts and shifts. This work proposes and evaluates a machine learning based system for user-centered insider threat detection. Using machine learning, analysis of data is performed on multiple levels of granularity under realistic conditions for identifying not only malicious behaviours, but also malicious insiders. Detailed analyses of popular insider threat scenarios with different performance measures are presented to facilitate the realistic estimation of system performance. Evaluation results show that the machine learning based detection system can learn from limited ground truth and detect new malicious insiders in unseen data with high accuracy. Specifically, up to 85% of malicious insiders are detected at a false positive rate of only 0.78%. The system is also able to quickly detect the malicious behaviours, in as little as 14 minutes after the first malicious action. Comprehensive result reporting allows the system to provide valuable insights to analysts in investigating insider threat cases.
Published in: IEEE Transactions on Network and Service Management (Volume: 17, Issue: 1, March 2020)
Page(s): 30 - 44
Date of Publication: 17 January 2020
