Unveiling shadows: A comprehensive framework for insider threat detection based on statistical and sequential analysis

Abstract

With the increasing importance of internal information security, detecting insider threats has become a critical issue to safeguard organizations' information systems. However, most of the previous studies either overlook temporal relationships or have difficulty attaining accurate performance. One of the primary factors contributing to this challenge is their approach, which lacks a holistic perspective. To our knowledge, none of these studies has considered the integration of statistical and sequential information in addressing this issue. Therefore, we propose a comprehensive framework for insider threat detection based on statistical and sequential analysis to address this challenge. Leveraging the strengths of both statistical analysis and sequential analysis, we deploy an efficient implementation for analyzing and modeling user data based on convolutional attention and a transformer encoder, referred to as CATE. First, user behavior logs are consolidated from diverse sources and preprocessed into a suitable format for subsequent analysis. Then, two parallel analysis modules analyze user data in two different dimensions. The analysis modules are entirely constructed using a neural network for its high adaptability and efficient integration of information from distinct dimensions. Specifically, a subnetwork structure based on convolutional attention is designed to effectively learn statistical information, while a separate subnetwork structure based on transformers is tailored for learning sequential information. Finally, we perform a series of solid experiments utilizing the publicly available CERT dataset to evaluate our framework's effectiveness and robustness in detecting insider threats and identifying malicious scenarios.