Abstract

Insider threat is a critical security concern in both the private and public sectors. Many approaches are available for detecting and mitigating insider threats. However, implementing an effective system for insider threat detection is still a challenging task. In previous work, Machine Learning (ML) techniques were proposed for insider threat detection because they promise a better detection mechanism. Nonetheless, ML techniques can be biased and less accurate when the dataset used is hugely imbalanced. Therefore, this article proposes an integrated insider threat detection model named AD-DNN, which integrates the adaptive synthetic (ADASYN) sampling approach with a deep neural network (DNN). In the proposed model (AD-DNN), ADASYN is used to solve the imbalanced data issue and the DNN is used for insider threat detection. The proposed model uses the CERT dataset for the evaluation process. The experimental results show that the proposed integrated model improves the overall detection performance for insider threats. The significant improvement in accuracy makes the proposed model a better solution than current insider threat detection systems.

Highlights

  • Information systems are facing a security challenge, which comes from outside or inside of an organization

  • The insider threat activity was conducted by the intentional insiders, such as sabotage of information system, classified information disclosure and theft of intellectual property, or by

  • Despite the good performance demonstrated by the current insider threat detection approaches, the traditional machine learning techniques are not able to utilize all the data of user behavior because of the complexity, high-dimensionality, sparsity, and heterogeneity of the data

  • It can be seen that the integrated insider threat detection model named (AD-deep neural network (DNN)) is superior to other methods in almost all the evaluation metrics, for example the DNN without adaptive synthetic technique (ADASYN), which gives 86% accuracy, 48% F-score, 80% Area Under Curve (AUC), 87% FNR, 12.9% FPR and 27% FNR. This is because AD-DNN considers and solves the imbalanced data problem before starting to train the classifier, and our method can effectively improve the performance of detection


Summary

Introduction

Information systems are facing a security challenge, which comes from outside or inside of an organization. The inside security issue comes from the “trusted” employee within the organization, and this issue has both a behavioral and a technical nature [1][2]. Imbalanced data usually produce high accuracy in detecting the majority class, while the accuracy of the minority class is very low. This type of result is not suitable in the situation of insider threats, where the minority class is the important one to detect [10][11].
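The ADASYN step named in the abstract, as an added sketch that is not the paper's code: minority points whose k nearest neighbours are mostly majority-class receive a larger share of the synthetic samples. The 2-D feature vectors, the labels and the function names `allocation` and `adasyn` are constructed for illustration.

```python
import math
import random

def allocation(X, y, minority=1, k=3, beta=1.0):
    """Per-minority-point quota of synthetic samples (ADASYN weighting step)."""
    mino = [x for x, lab in zip(X, y) if lab == minority]
    # G = (majority count - minority count) * beta; beta=1 means full balance
    G = int((len(X) - 2 * len(mino)) * beta)
    r = []
    for x in mino:
        nbrs = sorted(((p, lab) for p, lab in zip(X, y) if p is not x),
                      key=lambda t: math.dist(x, t[0]))[:k]
        # r_i: share of majority-class points among the k nearest neighbours
        r.append(sum(lab != minority for _, lab in nbrs) / k)
    total = sum(r)
    # total == 0: no minority point borders the majority; this sketch emits nothing
    return mino, [round(ri / total * G) if total else 0 for ri in r]

def adasyn(X, y, minority=1, k=3, beta=1.0, seed=0):
    """Synthetic minority points, interpolated toward minority neighbours."""
    rng = random.Random(seed)
    mino, quota = allocation(X, y, minority, k, beta)
    out = []
    for x, g in zip(mino, quota):
        nbrs = sorted((p for p in mino if p is not x),
                      key=lambda p: math.dist(x, p))[:k]
        for _ in range(g if nbrs else 0):
            z, lam = rng.choice(nbrs), rng.random()
            # s = x + lam * (z - x), a random point on the segment x -> z
            out.append(tuple(a + lam * (b - a) for a, b in zip(x, z)))
    return out

# Constructed sample: 12 benign points (label 0) and 6 malicious ones (label 1).
BENIGN = [(float(i), float(j)) for j in range(3) for i in range(4)]
MALICIOUS = [(1.5, 1.5), (2.5, 1.5),            # embedded in the benign region
             (10.0, 10.0), (10.0, 11.0),        # well-separated cluster
             (11.0, 10.0), (11.0, 11.0)]
X = BENIGN + MALICIOUS
y = [0] * len(BENIGN) + [1] * len(MALICIOUS)

if __name__ == "__main__":
    print("quota per malicious point:", allocation(X, y)[1])
    print("synthetic points generated:", len(adasyn(X, y)))
```

Only the two malicious points that sit among benign neighbours receive a quota; the well-separated cluster is already easy to classify and gets none.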
