Data Stream Clustering for Real-Time Anomaly Detection: An Application to Insider Threats

Haidar, Diana; Gaber, Mohamed Medhat

doi:10.1007/978-3-319-97864-2_6

Cited by 5 publications

(3 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This section provides an up-to-date, comprehensive survey of recent approaches that address insider threat detection: (i) machine learning (ML) and deep learning (DL) approaches (either anomaly-based [13][14][15][16][17][18][19][20][21][22][23][24][25][26][27], and (ii) classification-based approaches [2,14,25,[28][29][30][31][32][33][34][35][36][37][38][39][40][41][42]).…”

Section: Literature Reviewmentioning

confidence: 99%

“…Researchers have employed many different algorithms for the insider threat detection problem, such as deep neural networks [43], multi-fuzzy classifiers [37], hidden Markov method [41,44], one-class support vector machines [40], deep belief networks [43], linear regression [26], clustering algorithms [24], and light gradient boosting machine [36]. We outline some of the more significant studies below.…”

Section: Machine Learningmentioning

confidence: 99%

See 1 more Smart Citation

Insider Threat Detection Using Machine Learning Approach

Sarhan

Altwaijry

2022

Applied Sciences

View full text Add to dashboard Cite

Insider threats pose a critical challenge for securing computer networks and systems. They are malicious activities by authorised users that can cause extensive damage, such as intellectual property theft, sabotage, sensitive data exposure, and web application attacks. Organisations are tasked with the duty of keeping their layers of network safe and preventing intrusions at any level. Recent advances in modern machine learning algorithms, such as deep learning and ensemble models, facilitate solving many challenging problems by learning latent patterns and modelling data. We used the Deep Feature Synthesis algorithm to derive behavioural features based on historical data. We generated 69,738 features for each user, then used PCA as a dimensionality reduction method and utilised advanced machine learning algorithms, both anomaly detection and classification models, to detect insider threats, achieving an accuracy of 91% for the anomaly detection model. The experimentation utilised a publicly available insider threat dataset called the CERT insider threats dataset. We tested the effect of the SMOTE balancing technique to reduce the effect of the imbalanced dataset, and the results show that it increases recall and accuracy at the expense of precision. The feature extraction process and the SVM model yield outstanding results among all other ML models, achieving an accuracy of 100% for the classification model.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Section: Machine Learningmentioning

confidence: 99%

Insider Threat Detection Using Machine Learning Approach

Sarhan

Altwaijry

2022

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…The second one, clusters that considered as smaller than other clusters. In other words, in density-based methods, the small cluster that contains small data points and data points which are far from cluster centroid are considered as an outlier [12].…”

Section: Outlier Detection Phasementioning

confidence: 99%

Towards an outlier detection model in text data stream

Noori¹

2019

IJATCSE

View full text Add to dashboard Cite

This study proposes an outlier detection model in text data stream. Text stream is an important variant of data stream clustering. It has many useful implementations such as trend analysis, detection and tracking of topics, recommendation of user, and outlier detection. Outlier detection detects events which are interesting to the user and perhaps can be used to trigger some actions. One challenge in outlier detection in text stream is that normal behavior can change and thus it should be possible to adapt the models to the changes. Therefore, detecting outlier in text stream is not a trivial task. This paper proposes a conceptual model to detect outliers in the text stream. The model contains four main phases namely pre-processing, text representation, feature selection, and outlier detection phase. In the first phase, tokenization, stop words removal and stemming will be used. An incremental term weighting for text stream representation will be proposed in the second phase. An online feature selection will be improved on phase number three. Finally, in the fourth phase, one of the swarm intelligence techniques will be improved to detect outlier in the text stream.

show abstract

Clustering Data Streams: A Complex Network Approach

Porto

Quiles

2019

Computational Science and Its Applications – ICCSA 2019

View full text Add to dashboard Cite

Data Stream Clustering for Real-Time Anomaly Detection: An Application to Insider Threats

Cited by 5 publications

References 32 publications

Insider Threat Detection Using Machine Learning Approach

Insider Threat Detection Using Machine Learning Approach

Towards an outlier detection model in text data stream

Clustering Data Streams: A Complex Network Approach

Contact Info

Product

Resources

About