Role-based Log Analysis Applying Deep Learning for Insider Threat Detection

Title: Role-based Log Analysis Applying Deep Learning for Insider Threat Detection
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Zhang, Dongxue; Zheng, Yang; Wen, Yu; Xu, Yujue; Wang, Jingchuo; Yu, Yang; Meng, Dan
Conference Name: Proceedings of the 1st Workshop on Security-Oriented Designs of Computer Architectures and Processors
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-5991-7
Keywords: Deep Learning, Human Behavior, insider threat, log data analysis, Metrics, pubcrawl, resilience
Abstract: Insider threats have shown their great destructive power in information security and financial stability and have received widespread attention from governments and organizations. Traditional intrusion detection systems fail to be effective in insider attacks due to the lack of extensive knowledge for insider behavior patterns. Instead, a more sophisticated method is required to have a deeper understanding for activities that insiders communicate with the information system. In this paper, we design a classifier, a neural network model utilizing Long Short Term Memory (LSTM) to model user log as a natural language sequence and achieve role-based classification. LSTM Model can learn behavior patterns of different users by automatically extracting features and detect anomalies when log patterns deviate from the trained model. To illustrate the effectiveness of the classification model, we design two experiments based on the CMU dataset. Experimental evaluations have shown that our model can successfully distinguish different behavior patterns and detect malicious behavior.
URL: http://doi.acm.org/10.1145/3267494.3267495
DOI: 10.1145/3267494.3267495
Citation Key: zhang_role-based_2018