Abstract
The growth of edge computing, the Internet of Things (IoT), and cloud computing has been accompanied by new security issues evolving in the information security infrastructure. Recent studies suggest that the cost of insider attacks is higher than that of external threats, making insider threat detection an essential aspect of information security for organizations. Efficient insider threat detection requires state-of-the-art Artificial Intelligence models and utilities. Although significant efforts have been made to detect insider threats for more than a decade, many limitations remain, including a lack of real data, low accuracy, and a relatively low false alarm rate, which are major concerns needing further investigation. In this paper, an attempt is made to fill these gaps in detecting insider threats. The novelties of the present investigation are as follows. First, two deep learning hybrid LSTM (Long Short-Term Memory) models were developed, one integrated with Google's Word2vec embeddings (Word2vec LSTM) and one with GloVe (Global Vectors for Word Representation) embeddings (GloVe LSTM). Secondly, the performance of the two hybrid DL models was compared with state-of-the-art ML models such as XGBoost, AdaBoost, RF (Random Forest), KNN (K-Nearest Neighbor) and LR (Logistic Regression). Thirdly, the present investigation bridges the gaps by using a real dataset and achieving high accuracy and a significantly lower false alarm rate. It was found that the ML-based models outperformed the DL-based ones. The results were evaluated against earlier studies and deemed efficient at detecting insider threats using the real dataset.
Highlights
In telecommunication, we are exchanging and sharing several petabytes of information over computer networks
There are multiple accuracy assessment metrics used to evaluate insider threat detection; at present, no framework or standard exists for evaluating insider threat detection models or tools
Recent studies have suggested that the cost of insider attacks is higher than the external threats, making it an important aspect of information security for organizations
Summary
We are exchanging and sharing several petabytes of information over computer networks. This requires the protection of information from insider and outsider threats. While the detection of outsider threats has an adequate level of security benchmarks, local insider attackers are increasing data vulnerability due to the expansion of technology. According to a 2019 insider threat survey report [6], 68% of organizations felt moderately to extremely vulnerable to insider attacks, 73% of organizations confirmed insider attacks, 53% stated that insider attacks have become more challenging since migrating to the cloud, and 59% regarded privileged users as posing the biggest insider security risk to the organization. Previous insider threat detection methods have many limitations, including a lack of real data, low accuracy, and a relatively low false alarm rate. The present investigation bridges these gaps by using a real dataset and achieving high accuracy and a significantly lower false alarm rate