A Stacked Ensemble Framework for Detecting Malicious Insiders
Keywords:
Ensemble Learning, Malicious Insider Threat, Machine Learning, Stacked Generalization
Abstract
One of the mainstream strategies identified for detecting Malicious Insider Threat (MIT) is building stacking ensemble Machine Learning (ML) models that reveal malevolent insider activities through anomalies in user activities. However, most anomalies found by these learning models were not malicious because MIT was treated as a single entity, whereas there are various forms of this threat, each with its own distinct signature. To address this deficiency, this study focused on designing a stacked ensemble framework for detecting malicious insider threat that uses a one-scenario-per-algorithm strategy. A model that can be used to test the framework was proposed.