Abstract
Insider threat problems have occurred frequently and caused significant damage to organizations. Many existing techniques represent the user activities recorded in audit data as sequential data to capture the differences between benign and malicious users' behavior. However, multi-granular temporal information of user activity has not been explored adequately, especially for these rare malicious samples. This paper focuses on user behavior Sequences and proposes an Augmentation framework to boost the performance on Insider Threat Detection (SeqA-ITD). SeqA-ITD first embeds temporal information into user behavior sequences and then captures malicious user behavior's temporal and sequential patterns to generate discrete temporal sequences. A multi-granular enhanced Long Short-Term Memory (LSTM) model learns the original and generated temporal sequences with distinct temporal granularities to detect abnormal ones. To verify the effectiveness of our proposed method, we conduct comparison experiments on the CERT 4.2 dataset. Our proposed model achieves an F1-score of 0.9585 in day-level insider threat detection and outperforms baselines.