Liu, Liu, Chen, Chao, Zhang, Jun, De Vel, Olivier, and Xiang, Yang (2020) Doc2vec-based insider threat detection through behaviour analysis of multi-source security logs. In: Proceedings of the IEEE 19th International Conference on Trust, Security and Privacy in Computing. pp. 301-309. From: TrustCom 2020: IEEE 19th International Conference on Trust, Security and Privacy in Computing, 29 December 2020 - 1 January 2021, Guangzhou, China.

PDF (Accepted Publisher Version) - Published Version Restricted to Repository staff only

 

2

2

Abstract

Since insider attacks have been recognised as one of the most critical cyber security threats to an organisation, detection of malicious insiders has received increasing attention inrecent years. Previously, we proposed an approach that performs the detection by analysing various security logs with Word2vec, which not only removes the reliance on prior knowledge but also greatly simplifies the process of decision making and improves the interpretability of the alerts. In this paper, following the similar idea, a new Doc2vec based approach is proposed to overcome the previous approach's limitations: (1) the behaviour metrics canbe acquired straightforwardly due to the Doc2vec's capability in inferring unseen texts of any length; (2) other than the temporal metrics, some spatial metrics can also be realised, providing amore comprehensive insight into the unusual behaviours; and (3)a range of corpora are produced by adopting different keywordsto aggregate, each of which may be suited to a specific type of behaviour metrics. A large number of numerical experiments are conducted using the same benchmark insider threat database, for the purpose of testing how the corpora, metrics and training parameters impact on the performance and be related to each other. The experiments demonstrate that the proposed approachcan achieve a similar performance with greater simplicity and flexibility.

Actions (Repository Staff Only)

Item Control Page