Doc2vec-based insider threat detection through behaviour analysis of multi-source security logs

Liu, Liu, Chen, Chao, Zhang, Jun, De Vel, Olivier, and Xiang, Yang (2020) Doc2vec-based insider threat detection through behaviour analysis of multi-source security logs. In: Proceedings of the IEEE 19th International Conference on Trust, Security and Privacy in Computing. pp. 301-309. From: TrustCom 2020: IEEE 19th International Conference on Trust, Security and Privacy in Computing, 29 December 2020 - 1 January 2021, Guangzhou, China.


View at Publisher Website: https://doi.org/10.1109/TrustCom50675.20...
Abstract

Since insider attacks have been recognised as one of the most critical cyber security threats to an organisation, the detection of malicious insiders has received increasing attention in recent years. Previously, we proposed an approach that performs the detection by analysing various security logs with Word2vec, which not only removes the reliance on prior knowledge but also greatly simplifies the process of decision making and improves the interpretability of the alerts. In this paper, following a similar idea, a new Doc2vec-based approach is proposed to overcome the previous approach's limitations: (1) the behaviour metrics can be acquired straightforwardly because Doc2vec can infer vectors for unseen texts of any length; (2) in addition to the temporal metrics, some spatial metrics can also be realised, providing a more comprehensive insight into the unusual behaviours; and (3) a range of corpora are produced by adopting different keywords for aggregation, each of which may be suited to a specific type of behaviour metric. A large number of numerical experiments are conducted using the same benchmark insider threat database, for the purpose of testing how the corpora, metrics and training parameters affect the performance and relate to each other. The experiments demonstrate that the proposed approach can achieve a similar performance with greater simplicity and flexibility.

Item ID: 65433
Item Type: Conference Item (Research - E1)
ISBN: 978-0-7381-4380-4
Copyright Information: (C) IEEE
Date Deposited: 20 Jan 2021 00:14
FoR Codes: 46 INFORMATION AND COMPUTING SCIENCES > 4604 Cybersecurity and privacy > 460403 Data security and protection @ 60%
46 INFORMATION AND COMPUTING SCIENCES > 4603 Computer vision and multimedia computation > 460308 Pattern recognition @ 40%
SEO Codes: 89 INFORMATION AND COMMUNICATION SERVICES > 8902 Computer Software and Services > 890299 Computer Software and Services not elsewhere classified @ 100%