Authors:
Hoseong Asher Lee
1
;
Nikhil Prathapani
1
;
Rajesh Paturi
1
;
Sarp Parmaksiz
1
and
Fabio Di Troia
2
Affiliations:
1
Department of Computer Engineering, San Jose State University, San Jose, CA, U.S.A.
;
2
Department of Computer Science, San Jose State University, San Jose, CA, U.S.A.
Keyword(s):
Insider Threat Attack, Intrusion Detection, CNN, LSTM, biLSTM, NLP.
Abstract:
Insider threat attacks are increasing in most organizations yearly. It is also tough to prevent this type of attack because the threat is within the boundary, making them more dangerous than external threat actors. There can be a situation where a strong authentication layer is implemented for the external users, but due to cost or maintenance effort reasons, the authentication layer for insiders might not have proper security controls. One of the types of insider threat attacks is to exploit established sessions by legitimate users. There are certain applications and operating systems that provide an in-built security mechanism to detect idle sessions and automatically expire the sessions if no action is performed by the user. However, this type of protection is still vulnerable since it cannot really detect if the user who is taking action is the legitimate user or not. In this paper, we propose to use an advanced machine learning model based on Natural Language Processing (NLP) al
gorithms to authenticate users based on their mouse dynamics in web browser contexts. The model can provide a protective layer that continuously monitors against insider threat attacks. By this method, we can prevent malicious users from accessing unauthorized assets and provide enhanced security to legitimate users.
(More)