Abstract
Machine learning (ML) techniques have currently been exploited for malicious insider threat (MIT) detection. The data variation between malicious and genuine user influences the ML model to misinterpret a malicious insider. Hence, the class imbalance problem (CIP) remains a challenging one. Regardless of the CIP in MIT detection, past research has a significant shortfall in deploying diverse sampling methods. i.e., undersampling and oversampling approach. This study proposed a novel double-layer architecture for MIT detection. The initial layer involves integration, transformation, and sampling system of data. In the sampling system, an efficient sampling approach is adopted to depreciate CIP among eight sampling techniques, depending on the performance of support vector machine (SVM) classifier. Nearmiss2 (NM-2) excels and is considered an optimal sampling technique. In the second layer, sampled data of NM-2 is employed in an anomalous MIT detection model using various anomaly detection techniques and evaluated with performance metrics. The main focus is to validate the solution for CIP in anomaly detection techniques with previous research. The proposed double-layer architecture with NM-2 and One-class SVM obtained recall and f-score of 100% and 78.72%. In contrast, it exhibits an accuracy of 82.46%, with a reasonable detection rate for MIT detection
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
