Title | Role-based Log Analysis Applying Deep Learning for Insider Threat Detection |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Zhang, Dongxue, Zheng, Yang, Wen, Yu, Xu, Yujue, Wang, Jingchuo, Yu, Yang, Meng, Dan |
Conference Name | Proceedings of the 1st Workshop on Security-Oriented Designs of Computer Architectures and Processors |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-5991-7 |
Keywords | Deep Learning, Human Behavior, insider threat, log data analysis, Metrics, pubcrawl, resilience |
Abstract | Insider threats have shown their great destructive power in information security and financial stability and have received widespread attention from governments and organizations. Traditional intrusion detection systems fail to be effective against insider attacks due to the lack of extensive knowledge of insider behavior patterns. Instead, a more sophisticated method is required to gain a deeper understanding of the activities through which insiders interact with the information system. In this paper, we design a classifier, a neural network model utilizing Long Short Term Memory (LSTM), to model user logs as a natural language sequence and achieve role-based classification. The LSTM model can learn behavior patterns of different users by automatically extracting features and detect anomalies when log patterns deviate from the trained model. To illustrate the effectiveness of the classification model, we design two experiments based on the CMU dataset. Experimental evaluations have shown that our model can successfully distinguish different behavior patterns and detect malicious behavior. |
URL | http://doi.acm.org/10.1145/3267494.3267495 |
DOI | 10.1145/3267494.3267495 |
Citation Key | zhang_role-based_2018 |