Using machine learning techniques for insider threat detection

Abstract

This paper presents an analysis of algorithms and approaches used to solve the problem of identifying insider threats using machine learning techniques. Internal threat detection in the context of this research is reduced to the task of detecting anomalies in the audit logs of access subjects' actions. The paper formalizes the main directions of insider threats detection and presents popular machine learning algorithms. The paper raises the problem of objective evaluation of research and development in the subject area. Based on the analysis recommendations for the implementation of internal threat detection systems using machine learning algorithms are developed.