An improved data pre-processing method for classification and insider information leakage detection

Abstract

Data pre-processing, a step performed prior to data processing, converts data into a form that is easy to analyse. In this study, we propose a method for the pre-processing and integration of data collected from various sources to detect insider information leakage; further, we evaluate the performance of data pre-processing by performing classification and detection experiments with collected normal and abnormal log data. An insider information leakage attack scenario was created, and the attack data for this scenario were generated in order to collect the corresponding log data. This preprocessing stage improved the efficiency of information leakage analysis and detection, as demonstrated by the results of our experiments that shown the performance with accuracies of 0.9991 and 0.9997, respectively, in source classification. In addition, we found that securing the attack scenario and actual attack data is a very important factor in insider information leakage detection owing to the small amount of attack data.