Anomaly-based insider threat detection using deep autoencoders

Liu, Liu, De Vel, Olivier, Chen, Chao, Zhang, Jun, and Xiang, Yang (2018) Anomaly-based insider threat detection using deep autoencoders. In: Proceedings of the IEEE International Conference on Data Mining Workshops. pp. 39-48. From: ICDMW 2018: IEEE International Conference on Data Mining Workshops, 17-20 November 2018, Singapore.

[img] PDF (Published Version) - Published Version
Restricted to Repository staff only

View at Publisher Website:


In recent years, the malicious insider threat has become one of the most significant cyber security threats that an organisation can be subject to. Due to an insider's natural ability to evade deployed information security mechanisms such as firewalls and endpoint protections, the detection of an insider threat can be challenging. Moreover, compared to the volume of audit data that an organization collects for the purpose of intrusion/anomaly detection, the digital footprint left by a malicious insider's action can be minuscule. To detect insider threats from large and complex audit data, in this paper, we propose a detection system that implements anomaly detection using an ensemble of deep autoencoders. Each autoencoder in the ensemble is trained using a certain category of audit data, which represents a user's normal behaviour accurately. The reconstruction error obtained between the original and the decoded data is used to measure whether any behaviour is anomalous or not. After the data has been processed by the individually trained autoencoders and the respective reconstruction errors obtained, a joint decision-making mechanism is used to report a user's overall maliciousness score. Numerical experiments are conducted using a benchmark dataset for insider threat detection. Results indicate that the proposed detection system is able to detect all of the malicious insider actions with a reasonable false positive rate.

Item ID: 64427
Item Type: Conference Item (Research - E1)
ISBN: 978-1-5386-9288-2
Keywords: Insider threats, data analytics, deep autoencoder, cyber security
Copyright Information: © 2018 IEEE
Date Deposited: 06 Oct 2020 23:13
FoR Codes: 46 INFORMATION AND COMPUTING SCIENCES > 4604 Cybersecurity and privacy > 460499 Cybersecurity and privacy not elsewhere classified @ 100%
SEO Codes: 89 INFORMATION AND COMMUNICATION SERVICES > 8902 Computer Software and Services > 890299 Computer Software and Services not elsewhere classified @ 100%
Downloads: Total: 1
More Statistics

Actions (Repository Staff Only)

Item Control Page Item Control Page