Abstract

Insider threat problems have occurred frequently and caused significant damage to organizations. Many existing techniques represent the user activities recorded in audit data as sequential data to capture the differences between benign and malicious users' behavior. However, the multi-granular temporal information in user activity has not been adequately explored, especially for the rare malicious samples. This paper focuses on user behavior Sequences and proposes an Augmentation framework to boost the performance of Insider Threat Detection (SeqA-ITD). SeqA-ITD first embeds temporal information into user behavior sequences and then captures the temporal and sequential patterns of malicious user behavior to generate discrete temporal sequences. A multi-granular enhanced Long Short-Term Memory (LSTM) model learns the original and generated temporal sequences at distinct temporal granularities to detect abnormal ones. To verify the effectiveness of our proposed method, we conduct comparison experiments on the CERT 4.2 dataset. Our proposed model achieves an F1-score of 0.9585 in day-level insider threat detection and outperforms the baselines.
