Insider Threat Detection Based on Deep Clustering of Multi-Source Behavioral Events
Published: 2023-12-06
Issue: 24
Volume: 13
Page: 13021
ISSN: 2076-3417
Container-title: Applied Sciences
Language: en
Short-container-title: Applied Sciences
Authors: Wang Jiarong (1, ORCID), Sun Qianran (1), Zhou Caiqiu (1)
Affiliation:
1. Institute of High Energy Physics, Chinese Academy of Sciences (CAS), Beijing 100049, China
Abstract
With the continuing digitization of enterprises, insider threats have become one of the primary cybersecurity concerns for organizations, so an effective insider threat detection mechanism is essential to enterprise security. Most existing methods rely on manual feature engineering: hand-crafted user behavior features are extracted and then fed into a clustering-based unsupervised model for insider threat detection. Because the feature extraction step is carried out independently of the clustering step, the resulting features are not necessarily the ones best suited to the clustering model, which lowers detection accuracy. This paper proposes an insider threat detection method based on deep clustering of multi-source behavioral events. First, the method constructs an end-to-end deep clustering network that automatically learns user behavior representations from multi-source behavioral event sequences. Second, a deep clustering objective function is presented that jointly optimizes the learning of the feature representations and the clustering task used for insider threat detection, so that the learned user behavior features are adapted to the clustering model and detection accuracy improves. Experimental results show that the proposed end-to-end model accurately identifies insider threats from abnormal multi-source user behavior in enterprise networks.
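The joint objective the abstract describes, as an added example that is not the authors' code (the paper's sequence network and its exact loss are not on this page): a DEC-style formulation in numpy in which a linear encoder and the cluster centroids are both updated from one clustering loss, run over constructed per-user event counts from logon, device and http/mail sources, with a finite-difference check of the gradients. The linear PCA-initialised encoder, the Student-t soft assignment with KL(P||Q) objective, the distance-based scoring rule, the user profiles and the insider row are all assumptions made for the illustration.

```python
"""DEC-style joint representation learning and clustering for insider scoring
over multi-source behavioural event counts (numpy only; illustrative)."""
import numpy as np

# Count columns (constructed, from logon/device/http/mail logs): office-hours logons,
# after-hours logons, device connects, http uploads, http downloads, external mails.
PROFILES = {"office": [40, 1, 1, 3, 30, 5], "shift_admin": [10, 25, 6, 5, 15, 2]}
INSIDER = [12, 30, 18, 60, 10, 25]   # after-hours USB use, bulk upload, external mail

def synth_event_counts(n_normal=40, seed=7):
    """Constructed weekly per-user counts; returns (users, counts, insider_index)."""
    rng = np.random.default_rng(seed)
    rows = [rng.poisson(list(PROFILES.values())[i % 2]) for i in range(n_normal)]
    rows.append(np.array(INSIDER))
    return [f"u{i:03d}" for i in range(len(rows))], np.asarray(rows, float), len(rows) - 1

def standardise(counts):
    """log1p + z-score so no single high-volume source dominates."""
    x = np.log1p(counts)
    return (x - x.mean(0)) / (x.std(0) + 1e-9)

def pca_encoder(X, dim):
    """Linear encoder W (dim x d) from top PCs; stand-in for the paper's pretrained encoder."""
    return np.linalg.svd(X - X.mean(0), full_matrices=False)[2][:dim].copy()

def kmeans(Z, k, rng, restarts=5, iters=30):
    """Best-of-restarts k-means to initialise centroids, as DEC does."""
    best, best_inertia = None, np.inf
    for _ in range(restarts):
        mu = Z[rng.choice(len(Z), k, replace=False)]
        for _ in range(iters):
            lab = ((Z[:, None, :] - mu[None]) ** 2).sum(-1).argmin(1)
            mu = np.array([Z[lab == j].mean(0) if (lab == j).any() else mu[j] for j in range(k)])
        inertia = ((Z - mu[lab]) ** 2).sum()
        if inertia < best_inertia:
            best, best_inertia = mu, inertia
    return best

def soft_assign(Z, mu):
    """Student-t soft assignment q_ij (alpha = 1), as in DEC."""
    u = 1.0 / (1.0 + ((Z[:, None, :] - mu[None]) ** 2).sum(-1))
    return u / u.sum(1, keepdims=True)

def target_distribution(Q):
    """Sharpened target p_ij = q_ij^2 / sum_i q_ij, renormalised per sample."""
    w = Q ** 2 / Q.sum(0)
    return w / w.sum(1, keepdims=True)

def kl_loss(P, Q):
    """KL(P || Q) averaged over samples: the clustering objective."""
    return float((P * np.log(P / Q)).sum(1).mean())

def kl_grads(Z, mu, P):
    """Analytic gradients of kl_loss w.r.t. embeddings Z and centroids mu."""
    diff = Z[:, None, :] - mu[None]                      # (n, k, dim)
    u = 1.0 / (1.0 + (diff ** 2).sum(-1))                # (n, k)
    Q = u / u.sum(1, keepdims=True)
    coef = (2.0 * u * (P - Q) / len(Z))[..., None]       # (n, k, 1)
    return (coef * diff).sum(1), -(coef * diff).sum(0)

def train_dec(X, k=2, dim=2, steps=100, lr=0.2, update_every=10, seed=7):
    """Update encoder W and centroids mu from one clustering loss; returns Z, mu, loss history."""
    rng = np.random.default_rng(seed)
    W = pca_encoder(X, dim)
    Z = X @ W.T
    mu = kmeans(Z, k, rng)
    P = target_distribution(soft_assign(Z, mu))
    history = []
    for step in range(steps):
        if step and step % update_every == 0:
            P = target_distribution(soft_assign(Z, mu))  # periodic target refresh
        history.append(kl_loss(P, soft_assign(Z, mu)))
        dZ, dmu = kl_grads(Z, mu, P)
        W -= lr * dZ.T @ X    # chain rule through z = W x: encoder and centroids
        mu -= lr * dmu        # are both driven by the same clustering objective
        Z = X @ W.T
    return Z, mu, history

def anomaly_scores(Z, mu):
    """Distance to nearest centroid over that cluster's median distance (assumed rule)."""
    d = np.sqrt(((Z[:, None, :] - mu[None]) ** 2).sum(-1))
    lab, nearest, scores = d.argmin(1), d.min(1), np.empty(len(Z))
    for j in range(len(mu)):
        m = lab == j
        scores[m] = nearest[m] / (np.median(nearest[m]) + 1e-9)
    return scores

def detect_insiders(counts, threshold=3.0):
    """Full pipeline; returns plain-Python results."""
    Z, mu, history = train_dec(standardise(counts))
    scores = anomaly_scores(Z, mu)
    return {"scores": scores.tolist(), "top": int(scores.argmax()), "loss_history": history,
            "flagged": [int(i) for i in np.flatnonzero(scores > threshold)]}

def gradient_check(eps=1e-5, seed=3):
    """Central-difference check of kl_grads on random data; returns max abs error."""
    rng = np.random.default_rng(seed)
    Z, mu = rng.normal(size=(7, 2)), rng.normal(size=(3, 2))
    P = target_distribution(soft_assign(Z, mu))
    err = 0.0
    for arr, grad in zip((Z, mu), kl_grads(Z, mu, P)):
        for idx in np.ndindex(arr.shape):
            arr[idx] += eps
            hi = kl_loss(P, soft_assign(Z, mu))
            arr[idx] -= 2 * eps
            lo = kl_loss(P, soft_assign(Z, mu))
            arr[idx] += eps
            err = max(err, abs((hi - lo) / (2 * eps) - grad[idx]))
    return err

if __name__ == "__main__":
    users, counts, insider = synth_event_counts()
    res = detect_insiders(counts)
    print("gradient check:", gradient_check(), "loss:", res["loss_history"][0], "->", res["loss_history"][-1])
    print("flagged:", [users[i] for i in res["flagged"]], "expected insider:", users[insider])
```

The point of the block is the two update lines in `train_dec`: the gradient of the clustering loss flows back through the encoder, so the representation is shaped for the clustering task rather than fixed beforehand, which is the distinction the abstract draws against two-stage feature engineering. Two practitioner caveats apply: a clustering loss with no reconstruction term can shrink the embedding toward the centroids if trained for long (hence the PCA initialisation, the low step count and the heavy-tailed Student-t kernel, which pulls distant points only weakly), and the scoring rule here is the usual distance-to-centroid heuristic, not the paper's own decision rule, which this page does not state.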
Funder: National Natural Science Foundation of China; Xiejialin Project of Institute of High Energy Physics
Subject: Fluid Flow and Transfer Processes, Computer Science Applications, Process Chemistry and Technology, General Engineering, Instrumentation, General Materials Science