Bilateral Insider Threat Detection: Harnessing Standalone and Sequential Activities with Recurrent Neural Networks
Manoharan, Phavithra; Hong, Wei (ORCID: 0000-0003-2833-9228); Yin, Jiao (ORCID: 0000-0002-0269-2624); Zhang, Yanchun (ORCID: 0000-0002-5094-5980); Ye, Wenjie (ORCID: 0000-0002-9676-1335) and Ma, Jiangang (ORCID: 0000-0002-8449-7610)
(2023)
Bilateral Insider Threat Detection: Harnessing Standalone and Sequential Activities with Recurrent Neural Networks.
In: Web Information Systems Engineering – WISE 2023; 24th International Conference, 25-27 Oct 2023, Melbourne, Australia.
Abstract
Insider threats involving authorised individuals exploiting their access privileges within an organisation can yield substantial damage compared to external threats. Conventional detection approaches analyse user behaviours from logs, using binary classifiers to distinguish between malicious and non-malicious users. However, existing methods focus solely on standalone or sequential activities. To enhance the detection of malicious insiders, we propose a novel approach: bilateral insider threat detection combining RNNs to incorporate standalone and sequential activities. Initially, we extract behavioural traits from log files representing standalone activities. Subsequently, RNN models capture features of sequential activities. Concatenating these features, we employ binary classification to detect insider threats effectively. Experiments on the CERT 4.2 dataset showcase the approach’s superiority, significantly enhancing insider threat detection using features from both standalone and sequential activities.
Item type | Conference or Workshop Item (Paper) |
URI | https://vuir.vu.edu.au/id/eprint/48835 |
DOI | 10.1007/978-981-99-7254-8_14 |
Official URL | http://dx.doi.org/10.1007/978-981-99-7254-8_14 |
ISBN | 9789819972531 |
Subjects | Current > FOR (2020) Classification > 4604 Cybersecurity and privacy; Current > Division/Research > College of Science and Engineering |