К вопросу о реализации алгоритмов выявления внутренних угроз с применением машинного обучения

В работе представлен анализ алгоритмов и подходов, применяемых для решения задачи выявления внутренних угроз с применением методов машинного обучения. Выявление внутренних угроз в контексте данного исследования сводится к решению задачи детектирования аномалий в журналах аудита действий субъектов доступа. В статье формализованы основные направления выявления внутренних угроз, приведены популярные алгоритмы машинного обучения. В работе поднимается проблема объективной оценки результатов исследований и разработок в данной предметной области.  На основании проведенного анализа разработаны рекомендации по реализации систем выявления внутренних угроз с помощью алгоритмов машинного обучения.

1. A. Kim, J. Oh, J. Ryu and K. Lee, "A Review of Insider Threat Detection Approaches with IoT Perspective," in IEEE Access, vol. 8, C. 78847-78867, 2020

2. Kim, J.; Park, M.; Kim, H.; Cho, S.; Kang, P. Insider Threat Detection Based on user Behavior Modeling and Anomaly Detection Algorithms. Appl. Sci. 2019, 9, 4018.

3. Alpaydin, E. Introduction to Machine Learning; MIT Press: Cambridge, MA, 2014

4. Al-Mhiqani M. N. et al. A review of insider threat detection: Classification, machine learning techniques, datasets, open challenges, and recommendations //Applied Sciences. – 2020. – Т. 10. – №. 15. – С. 5208.

5. Al-Mhiqani M. N. et al. A new intelligent multilayer framework for insider threat detection //Computers & Electrical Engineering. – 2022. – Т. 97. – С. 107597.

6. Rajaguru H., SR S. C. Analysis of decision tree and k-nearest neighbor algorithm in the classification of breast cancer //Asian Pacific journal of cancer prevention: APJCP. – 2019. – Т. 20. – №. 12. – С. 3777.

7. Sarma M. S. et al. Insider threat detection with face recognition and KNN user classification //2017 IEEE International Conference on Cloud Computing in Emerging Markets (CCEM). – IEEE, 2017. – С. 39-44.

8. Chauhan V. K., Dahiya K., Sharma A. Problem formulations and solvers in linear SVM: a review //Artificial Intelligence Review. – 2019. – Т. 52. – №. 2. – С. 803-855.

9. Khan S. S., Madden M. G. One-class classification: taxonomy of study and review of techniques //The Knowledge Engineering Review. – 2014. – Т. 29. – №. 3. – С. 345-374.

10. Buczak A. L., Guven E. A survey of data mining and machine learning methods for cyber security intrusion detection //IEEE Communications surveys & tutorials. – 2015. – Т. 18. – №. 2. – С. 1153-1176.

11. Le D. C., Zincir-Heywood N. Anomaly detection for insider threats using unsupervised ensembles //IEEE Transactions on Network and Service Management. – 2021. – Т. 18. – №. 2. – С. 1152-1164.

12. Sadaf K., Sultana J. Intrusion detection based on autoencoder and isolation forest in fog computing //IEEE Access. – 2020. – Т. 8. – С. 167059-167068.

13. Hariri S., Kind M. C., Brunner R. J. Extended isolation forest //IEEE Transactions on Knowledge and Data Engineering. – 2019. – Т. 33. – №. 4. – С. 1479-1489.

14. Zhang C., Ma Y. (ed.). Ensemble machine learning: methods and applications. – Springer Science & Business Media, 2012. – С. 1-35.

15. David, Jisa, and Ciza Thomas. "Efficient DDoS flood attack detection using dynamic thresholding on flow-based network traffic." Computers & Security 82 (2019): 284-295.

16. Song Y. et al. System level user behavior biometrics using Fisher features and Gaussian mixture models //2013 IEEE Security and Privacy Workshops. – IEEE, 2013. – С. 52-59.

17. Harilal A. et al. The Wolf Of SUTD (TWOS): A Dataset of Malicious Insider Threat Behavior Based on a Gamified Competition //J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl. – 2018. – Т. 9. – №. 1. – С. 54-85.

18. Lindauer, Brian (2020): Insider Threat Test Dataset. Carnegie Mellon University. Dataset. https://doi.org/10.1184/R1/12841247.v1

19. Glasser J., Lindauer B. Bridging the gap: A pragmatic approach to generating insider threat data //2013 IEEE Security and Privacy Workshops. – IEEE, 2013. – С. 98-104.

20. Al-Shehari T., Alsowail R. A. An Insider Data Leakage Detection Using One-Hot Encoding, Synthetic Minority Oversampling and Machine Learning Techniques //Entropy. – 2021. – Т. 23. – №. 10. – С. 1258

21. Jiang W. et al. An insider threat detection method based on user behavior analysis //International Conference on Intelligent Information Processing. – Springer, Cham, 2018. – С. 421-429.

22. Bartoszewski F. W. et al. Anomaly Detection for Insider Threats: An Objective Comparison of Machine Learning Models and Ensembles //IFIP International Conference on ICT Systems Security and Privacy Protection. – Springer, Cham, 2021. – С. 367-381.

23. Aldairi M., Karimi L., Joshi J. A trust aware unsupervised learning approach for insider threat detection //2019 IEEE 20th International Conference on Information Reuse and Integration for Data Science (IRI). – IEEE, 2019. – С. 89-98.

24. Dosh M. Detecting insider threat within institutions using CERT dataset and different ML techniques //Periodicals of Engineering and Natural Sciences. – 2021. – Т. 9. – №. 2. – С. 873-884.

25. Zou S. et al. Ensemble strategy for insider threat detection from user activity logs //Computers, Materials and Continua. – 2020.

26. Le D. C., Zincir-Heywood N., Heywood M. I. Analyzing data granularity levels for insider threat detection using machine learning //IEEE Transactions on Network and Service Management. – 2020. – Т. 17. – №. 1. – С. 30-44.

27. Ferreira P., Le D. C., Zincir-Heywood N. Exploring feature normalization and temporal information for machine learning based insider threat detection //2019 15th International Conference on Network and Service Management (CNSM). – IEEE, 2019. – С. 1-7.

28. Р. В. Мещеряков, А. Ю. Исхаков, О. О. Евсютин, “Современные методы обеспечения целостности данных в протоколах управления киберфизических систем”, Тр. СПИИРАН, 19:5 (2020), 1089–1122