A new intelligent multilayer framework for insider threat detection. (January 2022)
- Record Type:
- Journal Article
- Title:
- A new intelligent multilayer framework for insider threat detection. (January 2022)
- Main Title:
- A new intelligent multilayer framework for insider threat detection
- Authors:
- Al-Mhiqani, Mohammed Nasser
Ahmad, Rabiah
Abidin, Z. Zainal
Abdulkareem, Karrar Hameed
Mohammed, Mazin Abed
Gupta, Deepak
Shankar, K.
- Abstract:
- Highlights: Proposes a new intelligent multilayers framework for selecting the best insider threat detection models and hybrid detection system for insider threat. Proposes a new hybrid insider threats detection based on combination of misuse and anomaly insider threats detection to improve the detection of insider threats. The hybrid detection is much better than the single models and other classifiers in respect of all the other classification metrics for both known and unknown insider threats.
Abstract: In several earlier studies, machine learning (ML) has been widely used for building insider threat detection systems. However, the selection of the most appropriate ML classification model for insider threats detection remains a challenge. Despite the prominence of ML in the domain of insider threat detection, none of the previous works have utilized ML techniques for building a hybrid solution that can take advantage of the misuse and anomaly insider threat detection. In this study, a new multilayer framework has been proposed for insider threat detection. The first layer of the framework is used for selecting the best insider threat detection classification model among many based on the multi-criteria decision making techniques. The selection procedure has been developed based on the integration of the entropy-VIKOR methods. For the second layer, a hybrid insider threat detection method has been proposed, where the Misuse Insider Threat Detection (MITD) model has been created using the random forest algorithm. Subsequently, using the K-Nearest Neighbors algorithm, an anomaly insider threat detection algorithm has been developed. The proposed multilayer framework for insider threat detection has been evaluated by using the CERT r4.2 dataset. Results of the experiment demonstrate that the validity of the results produced by the selection framework is proven by the validation procedure obtained from previous research. The proposed hybrid detection method is observed to exhibit an overall accuracy of 99% and a false positive rate of 0.29% for known insider threats, whereas it exhibits 97% accuracy and 2.88% false-positive rate for unknown insider threats.
Graphical abstract: [image]
- Is Part Of:
- Computers & electrical engineering. Volume 97(2022)
- Journal:
- Computers & electrical engineering
- Issue:
- Volume 97(2022)
- Issue Display:
- Volume 97, Issue 2022 (2022)
- Year:
- 2022
- Volume:
- 97
- Issue:
- 2022
- Issue Sort Value:
- 2022-0097-2022-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-01
- Subjects:
- Insider threat -- Cybersecurity -- Classification -- Entropy -- VIKOR
Computer engineering -- Periodicals
Electrical engineering -- Periodicals
Electrical engineering -- Data processing -- Periodicals
Ordinateurs -- Conception et construction -- Périodiques
Électrotechnique -- Périodiques
Électrotechnique -- Informatique -- Périodiques
Computer engineering
Electrical engineering
Electrical engineering -- Data processing
Periodicals
Electronic journals
621.302854
- Journal URLs:
- http://www.sciencedirect.com/science/journal/00457906/
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.compeleceng.2021.107597
- Languages:
- English
- ISSNs:
- 0045-7906
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.680000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 20358.xml