Abstract

Insider threats are expensive, difficult to detect, and sadly, on the rise. Despite significant research efforts, existing approaches are inadequate in accuracy and precision. They also suffer from a high false-positive rate in detecting insider attacks due to the heterogeneous nature of available insider threat data. To overcome the challenges of existing techniques, researchers have attempted an image-based approach to detecting insider threats. Most existing image-based approaches use convolutional neural networks (CNNs) to detect insider threats. However, CNN-based models lose important user behavioral features due to the pooling operation. They are also often unsuitable for predictive modeling with features that lack spatial correlations. To address this issue, the wavelet convolutional neural network (WCNN) is proposed. The WCNN model takes advantage of spectral and spatial analysis to classify insider threats using image-based feature representations. The proposed approach combines the scenario-specific single-day features from the user activity logs into a one-dimensional feature vector. This vector is then represented as an image that effectively reveals visual patterns, which the WCNN uses to identify malicious insiders. In addition, the proposed approach adopts the SMOTEENN sampling technique to solve the class imbalance problem. The performance of the proposed approach is evaluated on the benchmark dataset. Experimental results show the improvement of the proposed approach over the current state-of-the-art techniques in terms of classification accuracy (97.19%), AUC (97.30%), and low false positives to identify malicious insiders.
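The following added example (not code from the paper) illustrates the abstract's point that pooling discards behavioral detail which a wavelet decomposition keeps: two different user-day images pool to the same output, while the wavelet detail sub-bands still tell them apart and reconstruct the image exactly. The Haar wavelet, the 4x4 image size, min-max scaling with zero padding, and the feature values are all assumptions made for illustration.

```python
# Added illustration, not the paper's code. Assumed: Haar wavelet, 4x4 image, min-max scaling.

def to_image(features, side=4):
    """Scale a 1-D feature vector to [0, 1], zero-pad, reshape to side x side."""
    if len(features) > side * side:
        raise ValueError("feature vector does not fit in the image")
    lo, hi = min(features), max(features)
    span = (hi - lo) or 1  # constant vector: avoid division by zero
    flat = [(v - lo) / span for v in features]
    flat += [0.0] * (side * side - len(flat))
    return [flat[r * side:(r + 1) * side] for r in range(side)]

def blocks(img):
    """Yield (i, j, a, b, c, d) for every non-overlapping 2x2 block."""
    for i in range(len(img) // 2):
        for j in range(len(img[0]) // 2):
            yield i, j, img[2*i][2*j], img[2*i][2*j+1], img[2*i+1][2*j], img[2*i+1][2*j+1]

def avg_pool(img):
    """2x2 average pooling, as in a conventional CNN."""
    out = [[0.0] * (len(img[0]) // 2) for _ in range(len(img) // 2)]
    for i, j, a, b, c, d in blocks(img):
        out[i][j] = (a + b + c + d) / 4
    return out

def haar_dwt2(img):
    """One-level 2-D Haar transform: (approx, col_detail, row_detail, diag_detail)."""
    n, m = len(img) // 2, len(img[0]) // 2
    bands = [[[0.0] * m for _ in range(n)] for _ in range(4)]
    for i, j, a, b, c, d in blocks(img):
        bands[0][i][j] = (a + b + c + d) / 2   # low-pass: 2 x average pooling
        bands[1][i][j] = (a - b + c - d) / 2   # change across columns
        bands[2][i][j] = (a + b - c - d) / 2   # change across rows
        bands[3][i][j] = (a - b - c + d) / 2   # diagonal change
    return tuple(bands)

def haar_idwt2(ll, dc, dr, dd):
    """Inverse transform: the four sub-bands reconstruct the image exactly."""
    img = [[0.0] * (2 * len(ll[0])) for _ in range(2 * len(ll))]
    for i, row in enumerate(ll):
        for j, s in enumerate(row):
            x, y, z = dc[i][j], dr[i][j], dd[i][j]
            img[2*i][2*j], img[2*i][2*j+1] = (s + x + y + z) / 2, (s - x + y - z) / 2
            img[2*i+1][2*j], img[2*i+1][2*j+1] = (s + x - y - z) / 2, (s - x - y + z) / 2
    return img

# Constructed user-day count vectors; DAY_B exchanges DAY_A's values at positions 1 and 4.
DAY_A = [8, 0, 2, 1, 4, 0, 1, 0, 3, 1, 0, 0, 2, 1]
DAY_B = [8, 4, 2, 1, 0, 0, 1, 0, 3, 1, 0, 0, 2, 1]
```

Calling `avg_pool` on `to_image(DAY_A)` and `to_image(DAY_B)` gives identical outputs, while the column-detail band from `haar_dwt2` differs between them (0.75 versus 0.25 in the top-left block).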
