Application of machine learning methods to counter insider threat to information security

Abstract

The subject of the study is the problem of internal threats to information security in organizations in the face of malicious insiders, as well as negligent employees. The object of the study is machine learning algorithms in terms of their applicability for detecting abnormal behavior of employees. The author delves into the problems of insider threat, and also considers various approaches to detecting malicious user actions, adapting these concepts to the most suitable machine learning algorithms in terms of functionality, implemented further in the framework of the experiment. The emphasis is on the insufficiency of existing generally accepted security measures and policies and the need to improve them through new technological solutions. The main result of the conducted research is an experimental demonstration of how controlled machine learning and data mining can be effectively used to identify internal threats. During the experiment, a realistic set of input data is used, compiled on the basis of real cases of insider activity, which makes it possible to evaluate the operation of machine learning algorithms in conditions close to combat. When comparing the results obtained, the most efficient algorithm is determined, which is preferable for future studies with a larger data set. A special contribution of the author is a fresh look at the understanding of the insider threat and an experimentally substantiated argument in favor of a new approach to countering this threat, combining a complex of diverse measures. Thus, the work involves both mathematical methods on which the logic of machine-learning algorithms is based: classification, regression, adaptive enhancement, etc., and linguistic methods used for preprocessing the input data set, such as stemming, vectorization and tokenization.