Abstract
In the insider threat detection domain, datasets are highly imbalanced: records of users' normal behavior far outnumber records of insiders' anomalous behavior. A direct approach to the class imbalance problem is data augmentation of the minority class. Existing data augmentation methods mainly produce synthetic samples by applying linear operations to samples of the minority class. Hence, these methods focus only on local information, which makes the synthetic samples uniform and results in overfitting. To enrich the diversity of the synthetic samples, we propose a deep adversarial insider threat detection (DAITD) framework that uses Generative Adversarial Networks (GAN) to approximate the true anomalous behavior distribution. Specifically, we first obtain anomalous user behavior representations from the anomalous behavior data (the minority class), then use the generator of the GAN to model the actual anomalous behavior distribution and the discriminator of the GAN to distinguish whether a synthetic sample from the generator is real or not. In this way, our method is able to generate high-quality synthetic samples that are close to the anomalous user behavior. Experimental results show that the DAITD framework outperforms the other insider threat detection algorithms it is compared against.