Unsupervised insider detection through neural feature learning and model optimisation

Liu, Liu, Chen, Chao, Zhang, Jun, De Vel, Olivier, and Xiang, Yang (2019) Unsupervised insider detection through neural feature learning and model optimisation. In: Lecture Notes in Computer Science (11928) pp. 18-36. From: NSS 2019: 13th International Conference on Network and System Security, 15-18 December 2019, Sapporo, Japan.


View at Publisher Website: https://doi.org/10.1007/978-3-030-36938-...
 


Abstract

The insider threat is a significant security concern for both organizations and government sectors. Traditional machine learning-based insider threat detection approaches usually rely on domain-focused feature engineering, which is expensive and impractical. In this paper, we propose an autoencoder-based approach aiming to automatically learn the discriminative features of insider behaviours, thus relieving security experts of tedious inspection tasks. Specifically, a Word2vec model is trained with a corpus transformed from various security logs to generate event representations. Instead of manually selecting Word2vec model parameters, we develop an autoencoder-based "parameter tuner" for the model to produce an optimal feature set. Then, the detection is undertaken by examining the reconstruction error of an autoencoder for each transformed event using the Carnegie Mellon University (CMU) CERT Programs insider threat database. Experimental results demonstrate that our proposed approach could achieve an extremely low false-positive rate (FPR) with all malicious events identified.

Item ID: 64432
Item Type: Conference Item (Research - E1)
ISBN: 978-3-030-36937-8
Keywords: Insider threats, Data analytics, Deep autoencoder, Cyber security
Copyright Information: © Springer Nature Switzerland AG 2019
Date Deposited: 30 Sep 2020 22:17
FoR Codes: 46 INFORMATION AND COMPUTING SCIENCES > 4604 Cybersecurity and privacy > 460407 System and network security @ 100%
SEO Codes: 89 INFORMATION AND COMMUNICATION SERVICES > 8902 Computer Software and Services > 890299 Computer Software and Services not elsewhere classified @ 100%