A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations

Al-Mhiqani, Mohammed Nasser; Ahmad, Rabiah; Abidin, Zaheera Zainal; Yassin, Warusia; Hassan, Aslinda; Abdulkareem, Karrar Hameed; Ali, Nabeel Salih; Yunos, Zahri

doi:10.3390/app10155208

Cited by 43 publications

(6 citation statements)

References 180 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Machine learning has been widely used to reduce the healthcare systems burden [ 11 ]. Furthermore, it has the potential to reduce the decision time linked with conventional methods of detection [ 12 ]. The advancement of the estimation, reduction, and monitoring of potential global health threats is considered a crucial factor in the growth of AI strategies to identify the risks of infectious diseases [ 13 ].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Smart Healthcare System for Severity Prediction and Critical Tasks Management of COVID-19 Patients in IoT-Fog Computing Environments

Abdulkareem

Mutlag

Dinar

et al. 2022

Computational Intelligence and Neuroscience

Self Cite

View full text Add to dashboard Cite

COVID-19 has depleted healthcare systems around the world. Extreme conditions must be defined as soon as possible so that services and treatment can be deployed and intensified. Many biomarkers are being investigated in order to track the patient’s condition. Unfortunately, this may interfere with the symptoms of other diseases, making it more difficult for a specialist to diagnose or predict the severity level of the case. This research develops a Smart Healthcare System for Severity Prediction and Critical Tasks Management (SHSSP-CTM) for COVID-19 patients. On the one hand, a machine learning (ML) model is projected to predict the severity of COVID-19 disease. On the other hand, a multi-agent system is proposed to prioritize patients according to the seriousness of the COVID-19 condition and then provide complete network management from the edge to the cloud. Clinical data, including Internet of Medical Things (IoMT) sensors and Electronic Health Record (EHR) data of 78 patients from one hospital in the Wasit Governorate, Iraq, were used in this study. Different data sources are fused to generate new feature pattern. Also, data mining techniques such as normalization and feature selection are applied. Two models, specifically logistic regression (LR) and random forest (RF), are used as baseline severity predictive models. A multi-agent algorithm (MAA), consisting of a personal agent (PA) and fog node agent (FNA), is used to control the prioritization process of COVID-19 patients. The highest prediction result is achieved based on data fusion and selected features, where all examined classifiers observe a significant increase in accuracy. Furthermore, compared with state-of-the-art methods, the RF model showed a high and balanced prediction performance with 86% accuracy, 85.7% F-score, 87.2% precision, and 86% recall. In addition, as compared to the cloud, the MAA showed very significant performance where the resource usage was 66% in the proposed model and 34% in the traditional cloud, the delay was 19% in the proposed model and 81% in the cloud, and the consumed energy was 31% in proposed model and 69% in the cloud. The findings of this study will allow for the early detection of three severity cases, lowering mortality rates.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Smart Healthcare System for Severity Prediction and Critical Tasks Management of COVID-19 Patients in IoT-Fog Computing Environments

Abdulkareem

Mutlag

Dinar

et al. 2022

Computational Intelligence and Neuroscience

Self Cite

View full text Add to dashboard Cite

show abstract

“…FS has gained much consideration from scholars due to its promising results [2,22,23]. FS refers to the method of finding subsets of the original feature set that efficiently describe the input data while reducing the effects of noise and irrelevant features and still provide good results for the task [2,22,23]. Findings in the literature reveal that FS provides several benefits in modeling and analysis.…”

Section: Related Workmentioning

confidence: 99%

Ensemble Feature Selection in Binary Machine Learning Classification: A Novel Application of the Evaluation Based on Distance from Average Solution (EDAS) Method

Abellana

Roxas

Lao

et al. 2022

Mathematical Problems in Engineering

View full text Add to dashboard Cite

Combining filters in an ensemble to improve feature selection performance is a growing field in the literature. Current techniques, however, are focused on approaches that suffer from drawbacks such as sensitivity to skewed distribution, among others. To address this gap, this paper investigates the applicability of multiple criteria decision-making in ensemble feature selection. This paper adopts the Evaluation based on Distance from Average Solution (EDAS) method due to its many familiar elements to the feature selection community. An experiment was performed on six datasets and a control group. The paper uses the six datasets as levels of the blocking factor. A negative control group (i.e., no feature selection) was adopted to compare with the proposed algorithm. Results show that the proposed ensemble FS algorithm was able to reduce the dataset without compromising the performance of the classifier. The findings in this study would contribute to the literature in several ways. First, the paper is one of the few works to demonstrate how MCDM can be used in feature selection with promising results. Second, this paper is one of the few works to demonstrate the significance of including datasets as levels of a blocking factor when performing significance testing. Finally, this paper is the first to demonstrate the applicability of EDAS as an ensemble FS algorithm. As such, the findings in this paper could spark the cross-fertilization of feature selection and MCDM.

show abstract

“…The study presented the limitations of using the data features from application, perceptual and network layers in the IoT environment. The survey in [22], aimed to review notable insider threat detection approaches from different aspects: investigated behaviors, machine learning methods, datasets, detection techniques and performance metrics. It also presented a classification of recent insider threat types, access methods, level, motivation, insider reporting, security assets, etc.…”

Section: Related Workmentioning

confidence: 99%

An Insider Data Leakage Detection Using One-Hot Encoding, Synthetic Minority Oversampling and Machine Learning Techniques

Al-Shehari

Alsowail

2021

Entropy

View full text Add to dashboard Cite

Insider threats are malicious acts that can be carried out by an authorized employee within an organization. Insider threats represent a major cybersecurity challenge for private and public organizations, as an insider attack can cause extensive damage to organization assets much more than external attacks. Most existing approaches in the field of insider threat focused on detecting general insider attack scenarios. However, insider attacks can be carried out in different ways, and the most dangerous one is a data leakage attack that can be executed by a malicious insider before his/her leaving an organization. This paper proposes a machine learning-based model for detecting such serious insider threat incidents. The proposed model addresses the possible bias of detection results that can occur due to an inappropriate encoding process by employing the feature scaling and one-hot encoding techniques. Furthermore, the imbalance issue of the utilized dataset is also addressed utilizing the synthetic minority oversampling technique (SMOTE). Well known machine learning algorithms are employed to detect the most accurate classifier that can detect data leakage events executed by malicious insiders during the sensitive period before they leave an organization. We provide a proof of concept for our model by applying it on CMU-CERT Insider Threat Dataset and comparing its performance with the ground truth. The experimental results show that our model detects insider data leakage events with an AUC-ROC value of 0.99, outperforming the existing approaches that are validated on the same dataset. The proposed model provides effective methods to address possible bias and class imbalance issues for the aim of devising an effective insider data leakage detection system.

show abstract

A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations

Cited by 43 publications

References 180 publications

Smart Healthcare System for Severity Prediction and Critical Tasks Management of COVID-19 Patients in IoT-Fog Computing Environments

Smart Healthcare System for Severity Prediction and Critical Tasks Management of COVID-19 Patients in IoT-Fog Computing Environments

Ensemble Feature Selection in Binary Machine Learning Classification: A Novel Application of the Evaluation Based on Distance from Average Solution (EDAS) Method

An Insider Data Leakage Detection Using One-Hot Encoding, Synthetic Minority Oversampling and Machine Learning Techniques

Contact Info

Product

Resources

About