
The Herald of the Siberian State University of Telecommunications and Information Science


Using machine learning techniques for insider threat detection

https://doi.org/10.55648/1998-6920-2022-16-4-80-95

Abstract

This paper presents an analysis of the algorithms and approaches used to solve the problem of identifying insider threats with machine learning techniques. In the context of this research, internal threat detection is reduced to the task of detecting anomalies in the audit logs of access subjects' actions. The paper formalizes the main directions of insider threat detection and presents popular machine learning algorithms. It also raises the problem of objective evaluation of research and development in this subject area. Based on the analysis, recommendations for implementing internal threat detection systems using machine learning algorithms are developed.

About the Authors

K. A. Gaiduk
National Research Nuclear University MEPhI (Moscow Engineering Physics Institute)

Kirill A. Gaiduk, Student

31 Kashirskoe Shosse, Moscow, 115409



A. Y. Iskhakov
ICS RAS
Russian Federation

Andrey Y. Iskhakov, PhD, senior researcher

65 Profsoyuznaya street, Moscow 117997




For citations:

Gaiduk K.A., Iskhakov A.Y. Using machine learning techniques for insider threat detection. The Herald of the Siberian State University of Telecommunications and Information Science. 2022;16(4):80-95. (In Russ.) https://doi.org/10.55648/1998-6920-2022-16-4-80-95

This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 1998-6920 (Print)