Image-Based Insider Threat Detection via Geometric Transformation

Li, Dongyang; Yang, Lin; Zhang, Honggang; Wang, Xiaolei; Ma, Linru; Xiao, Junchao

doi:10.1155/2021/1777536

Cited by 5 publications

(5 citation statements)

References 26 publications

(70 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Le et al [18] proposed an unsupervised learning based abnormal detection method for insider threat detection by using four unsupervised learning methods with different workings and exploring various representations of data with temporal information. Li et al [23] converted audit logs into grayscale images, and identified anomalies by applying geometric transformations to the grayscale image. Aldairi et al [24] used the abnormal scores generated by the unsupervised algorithm from the previous cycle as the trust scores for each user, which were fed into the next cycle of the model, and showed their importance and impact in detecting insiders.…”

Section: Related Workmentioning

confidence: 99%

Insider Threat Detection Model Enhancement Using Hybrid Algorithms between Unsupervised and Supervised Learning

Yi,

Tian

2024

Electronics

View full text Add to dashboard Cite

Insider threats are one of the most costly and difficult types of attacks to detect due to the fact that insiders have the right to access an organization’s network systems and understand its structure and security procedures, making it difficult to detect this type of behavior through traditional behavioral auditing. This paper proposes a method to leverage unsupervised outlier scores to enhance supervised insider threat detection by integrating the advantages of supervised and unsupervised learning methods and using multiple unsupervised outlier mining algorithms to extract from the underlying data useful representations, thereby enhancing the predictive power of supervised classifiers on the enhanced feature space. This novel approach provides superior performance, and our method provides better predictive power compared to other excellent abnormal detection methods. Using only 20% of the computing budget, our method achieved an accuracy of 86.12%. Compared with other anomaly detection methods, the accuracy increased by up to 12.5% under the same computing budget.

show abstract

Section: Related Workmentioning

confidence: 99%

Insider Threat Detection Model Enhancement Using Hybrid Algorithms between Unsupervised and Supervised Learning

Yi,

Tian

2024

Electronics

View full text Add to dashboard Cite

show abstract

“…Early strategies included the development of access control mechanisms and user authentication systems, such as password-based systems and user access logs. While effective at identifying unauthorized access, these methods had limitations when it came to detecting subtler insider threats, like privileged users abusing their access rights [3] [6].…”

Section: Background and Motivationmentioning

confidence: 99%

“…User Entity Behavior Analytics (UEBA) has emerged as a pivotal technology for profiling and analyzing user behavior to discern potential threats. The future trajectory of UEBA VOLUME 4, 2016 involves heightened sophistication, incorporating diverse contextual factors [3], [6], [60]. The integration of graph analytics within UEBA systems is projected to unveil intricate relationships between users and entities, thereby providing a nuanced understanding of potential threats.…”

Section: B User Entity Behavior Analytics (Ueba) Advancementsmentioning

confidence: 99%

A Review of Recent Advances, Challenges, and Opportunities in Malicious Insider Threat Detection Using Machine Learning Methods

Alzaabi,

Mehmood

2024

IEEE Access

View full text Add to dashboard Cite

Insider threat detection has become a paramount concern in modern times where organizations strive to safeguard their sensitive information and critical assets from malicious actions by individuals with privileged access. This survey paper provides a comprehensive overview of insider threat detection, highlighting its significance in the current landscape of cybersecurity. The review encompasses a broad spectrum of methodologies and techniques, with a particular focus on classical machine-learning approaches and their limitations in effectively addressing the intricacies of insider threats. Furthermore, the survey explores the utilization of modern deep learning and natural language processing (NLP) based methods as promising alternatives, shedding light on their advantages over traditional methods. This analysis underscores the need for sophisticated solutions that can adapt to evolving threat landscapes and accommodate the intricacies of human behavior. In the conclusion section, the paper offers valuable insights into the future directions of insider threat detection. It advocates for the integration of more sophisticated time-series-based techniques, recognizing the importance of temporal patterns in insider threat behaviors. Additionally, the survey underscores the potential of NLP and large language model-based approaches, which can enhance threat detection by deciphering textual and contextual information. These recommendations reflect the evolving nature of insider threats and emphasize the need for proactive, datadriven strategies to safeguard organizations against internal security breaches. In conclusion, this survey not only underscores the urgency of addressing insider threats but also provides a roadmap for the adoption of advanced methodologies to enhance detection and mitigation capabilities in contemporary cybersecurity paradigms.

show abstract

“…Given that the basic feature extraction is usually closely related to domain knowledge, here we take the CERT dataset as an example to design a series of basic features such as the number of copying le from other's PC during o hours and the number of visiting recruiting website on o ce computers during working hours. Here, note that the basic feature extraction is not the focus of this paper, and MAITD adopts the basic features proposed in our previous work, see literature [7] for details.…”

Section: Temporal Characteristic Analysis Inspired By Acobementioning

confidence: 99%

“…In fact, the performance of insider threat detection depends on not only the anomaly detection algorithm but also the representation quality of user behavior. In our previous work [7], we performed related studies on the feature extractions of user behavior, and categorized them into two types: (i) statistical features based on artificial definition; (ii) hidden features based on representation learning. Although previous methods [8][9][10][11][12][13] have their own unique insights, they are still faced with the following limitations:…”

Section: Introductionmentioning

confidence: 99%

Memory-Augmented Insider Threat Detection with Temporal-Spatial Fusion

Yang

Zhang

et al. 2022

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

Insider threat detection is important for the smooth operation and security protection of an organizational system. Most existing detection models establish historical baseline by reconstructing single-day and individual user behaviors, and then treat any outlier of the baseline as a threat. However, such methods ignore the temporal and spatial correlations between different activities, which result in an unsatisfying performance. To address such an issue, we propose a novel insider threat detection method, namely, Memory-Augmented Insider Threat Detection (MAITD), in this paper. Such an idea is motivated by the observation that the combination of individual model that focuses on historical baseline and group model that represents peer baseline can effectively identify the low-signal yet long-lasting insider threats, and reduce the possibility of false positives. To illustrate, our MAITD captures the temporal and spatial correlation of user behaviors by constructing compound behavioral matrix and common group model, and combines specific application scenarios to integrate the detection results. Moreover, it introduces the memory-augmented network into autoencoder to enlarge the reconstruction error of abnormal samples, thereby reducing the false negative rate. The experimental results on CERT dataset show that the instance-based and user-based AUCs of MAITD reach up to 87.54% and 94.56%, respectively, which significantly outperform previous works.

show abstract

Image-Based Insider Threat Detection via Geometric Transformation

Cited by 5 publications

References 26 publications

Insider Threat Detection Model Enhancement Using Hybrid Algorithms between Unsupervised and Supervised Learning

Insider Threat Detection Model Enhancement Using Hybrid Algorithms between Unsupervised and Supervised Learning

A Review of Recent Advances, Challenges, and Opportunities in Malicious Insider Threat Detection Using Machine Learning Methods

Memory-Augmented Insider Threat Detection with Temporal-Spatial Fusion

Contact Info

Product

Resources

About