Insider threat identification using the simultaneous neural learning of multi-source logs

Liu, Liu, Chen, Chao, Zhang, Jun, De Vel, Olivier, and Xiang, Yang (2019) Insider threat identification using the simultaneous neural learning of multi-source logs. IEEE Access, 7. pp. 183162-183176.

PDF (Published Version) - Published Version
Available under License Creative Commons Attribution.

Download (6MB) | Preview
View at Publisher Website:


Insider threat detection has drawn increasing attention in recent years. In order to capture a malicious insider's digital footprints that occur scatteredly across a wide range of audit data sources over a long period of time, existing approaches often leverage a scoring mechanism to orchestrate alerts generated from multiple sub-detectors, or require domain knowledge-based feature engineering to conduct a one-off analysis across multiple types of data. These approaches result in a high deployment complexity and incur additional costs for engaging security experts. In this paper, we present a novel approach that works with a variety of security logs. The security logs are transformed into texts in the same format and then arranged as a corpus. Using the model trained by Word2vec with the corpus, we are enabled to approximate the posterior probabilities for insider behaviours. Accordingly, we label the transformed events as suspicious if their behavioural probabilities are smaller than a given threshold, and a user is labelled as malicious if he/she is associated with multiple suspicious events. The experiments are undertaken with the Carnegie Mellon University (CMU) CERT Programs insider threat database v6.2, which not only demonstrate that the proposed approach is effective and scalable in practical applications but also provide a guidance for tuning the parameters and thresholds.

Item ID: 64433
Item Type: Article (Research - C1)
ISSN: 2169-3536
Keywords: cybersecurity, data analytics, insider threats, word embedding
Copyright Information: This work is licensed under a Creative Commons Attribution 4.0 License.
Date Deposited: 27 Sep 2020 18:52
FoR Codes: 46 INFORMATION AND COMPUTING SCIENCES > 4604 Cybersecurity and privacy > 460407 System and network security @ 100%
SEO Codes: 89 INFORMATION AND COMMUNICATION SERVICES > 8902 Computer Software and Services > 890299 Computer Software and Services not elsewhere classified @ 100%
Downloads: Total: 911
Last 12 Months: 32
More Statistics

Actions (Repository Staff Only)

Item Control Page Item Control Page