An improved feature extraction algorithm for insider threat using hidden Markov model on user behavior detection. (3rd July 2020)
- Record Type:
- Journal Article
- Title:
- An improved feature extraction algorithm for insider threat using hidden Markov model on user behavior detection. (3rd July 2020)
- Main Title:
- An improved feature extraction algorithm for insider threat using hidden Markov model on user behavior detection
- Authors:
- Ye, Xiaoyun
Han, Myung-Mook
- Abstract:
- Abstract: Purpose: By using a new feature extraction method on the CERT data set and using a hidden Markov model (HMM) to model and analyze the behavior of users to distinguish whether the behavior is normal within a continuous period. Design/methodology/approach: Feature extraction of five parts of the time series by rules and sorting in chronological order. Use the obtained features to calculate the probability parameters required by the HMM model and establish a behavior model for each user. When the user has abnormal behavior, the model will return a very low probability value to distinguish between normal and abnormal information. Findings: Generally, HMM parameters are obtained by supervised learning and unsupervised learning, but the hidden state cannot be clearly defined. When the hidden state is determined according to the data set, the accuracy of the model will be improved. Originality/value: This paper proposes a new feature extraction method and analysis mode, which determines the shape of the hidden state according to the situation of the data set, making subsequent HMM modeling simple and efficient and in turn improving the accuracy of user behavior detection.
- Is Part Of:
- Information and computer security. Volume 30:Number 1(2022)
- Journal:
- Information and computer security
- Issue:
- Volume 30:Number 1(2022)
- Issue Display:
- Volume 30, Issue 1 (2022)
- Year:
- 2022
- Volume:
- 30
- Issue:
- 1
- Issue Sort Value:
- 2022-0030-0001-0000
- Page Start:
- 19
- Page End:
- 36
- Publication Date:
- 2020-07-03
- Subjects:
- Hidden Markov model -- Insider threat detection -- Viterbi algorithm -- Anomaly detection
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-12-2019-0142
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 25226.xml