An efficient pattern-based approach for insider threat classification using the image-based feature representation. (March 2023)
- Record Type:
- Journal Article
- Title:
- An efficient pattern-based approach for insider threat classification using the image-based feature representation. (March 2023)
- Main Title:
- An efficient pattern-based approach for insider threat classification using the image-based feature representation
- Authors:
- Randive, Krunal
Mohan, R.
Sivakrishna, Ambairam Muthu
- Abstract:
- Abstract: Insider threats are expensive, difficult to detect, and sadly, on the rise. Despite significant research efforts, existing approaches are inadequate in accuracy and precision. They also suffer from a high false-positive rate in detecting insider attacks due to the heterogeneous nature of available insider threat data. Researchers have attempted an image-based approach for detecting insider threats to overcome the challenges from existing techniques. Most existing image-based approaches utilized Convolutional neural networks (CNN) to detect insider threats. Moreover, the CNN-based model lost the important user behavioral features due to the pooling operation. Also, they are often unsuitable for predictive modeling with features that lack spatial correlations. Aiming to address this issue, the Wavelet convolutional neural network (WCNN) is proposed. The WCNN model takes advantage of spectral and spatial analysis to classify insider threats using image-based feature representations. The proposed approach combines the scenario-specific single-day features from the user activity logs into a one-dimensional feature vector. It is then represented as images that reveal visual patterns effectively to identify malicious insiders using WCNN. In addition, the proposed approach adopts the SMOTEENN sampling technique to solve the class imbalance problem. The performance of the proposed approach is evaluated on the benchmark dataset. Experimental results show the improvement of the proposed approach over the current state-of-the-art techniques in terms of classification accuracy (97.19%), AUC (97.30%), and low false positives to identify malicious insiders.
- Is Part Of:
- Journal of information security and applications. Volume 73(2023)
- Journal:
- Journal of information security and applications
- Issue:
- Volume 73(2023)
- Issue Display:
- Volume 73, Issue 2023 (2023)
- Year:
- 2023
- Volume:
- 73
- Issue:
- 2023
- Issue Sort Value:
- 2023-0073-2023-0000
- Page Start:
- Page End:
- Publication Date:
- 2023-03
- Subjects:
- Insider threat -- Multi-perspective feature selection -- Class imbalance -- Image-based feature representation -- Wavelet CNN -- Insider threat classification
Computer security -- Periodicals
Information technology -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/
- DOI:
- 10.1016/j.jisa.2023.103434
- Languages:
- English
- ISSNs:
- 2214-2126
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 26123.xml