User Behaviour based Insider Threat Detection in Critical Infrastructures

Title: User Behaviour based Insider Threat Detection in Critical Infrastructures
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Singh, Malvika; Mehtre, BM; Sangeetha, S
Conference Name: 2021 2nd International Conference on Secure Cyber Computing and Communications (ICSCCC)
Keywords: anomaly detection, Bi-directional Long Short Term Memory (bi-LSTM), Computer crime, critical infrastructure, cyber security, Deep Learning, feature extraction, Insider Threat Detection (ITD), machine learning, Metrics, Organizations, privacy, statistical analysis, support vector machine (SVM), Support vector machines, threat vectors, User Behavior Analysis
Abstract: Cyber security is an important concern in critical infrastructures such as banking and financial organizations, where a number of malicious insiders are involved. These insiders may be existing employees or users within the organization who cause harm by performing malicious activity, and are commonly known as insider threats. Existing insider threat detection (ITD) methods are based on statistical analysis, machine learning and deep learning approaches. They monitor and detect malicious user activity based on pre-built rules, which fail to detect unforeseen threats. Also, some of these methods require explicit feature engineering, which results in high false positives. Apart from this, some methods choose relatively insufficient features and are computationally expensive, which affects the classifier's accuracy. Hence, in this paper, a user behaviour based ITD method is presented to overcome the above limitations. It is a conceptually simple and flexible approach based on augmented decision making and anomaly detection. It consists of a bi-directional long short term memory (bi-LSTM) network for efficient feature extraction. For the purpose of classifying users as "normal" or "malicious", a binary-class support vector machine (SVM) is used. The CMU-CERT v4.2 dataset is used for testing the proposed method. The performance is evaluated using the following parameters: Accuracy, Precision, Recall, F-Score and AUC-ROC. Test results show that the proposed method outperforms the existing methods.
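The abstract lists five evaluation metrics (Accuracy, Precision, Recall, F-Score, AUC-ROC) without saying why all five are needed. The block below is an added illustration, not code from Singh, Mehtre and Sangeetha or from the CMU-CERT dataset: it implements those metrics from scratch, runs them on a constructed, heavily imbalanced set of per-user-day "maliciousness" scores (the 0.5 decision threshold and the scores themselves are assumptions), and contrasts a detector with a "flag nobody" baseline. Because labelled insider activity is a tiny fraction of all user-days in datasets of this kind, the baseline wins on Accuracy while Recall, F1 and AUC-ROC expose it as useless, which is the practical reason a paper on ITD must report more than Accuracy.

```python
"""Evaluation metrics for a binary insider-threat classifier, computed from
scratch on a constructed, heavily imbalanced sample of per-user-day scores.

Added illustration, not code from Singh, Mehtre and Sangeetha (2021). The
labels and scores below are constructed; they are not output of the paper's
bi-LSTM/SVM pipeline nor taken from CMU-CERT v4.2.
"""
from typing import Dict, List, Sequence, Tuple

# Constructed sample: 20 user-days, 18 labelled normal (0), 2 malicious (1).
# Scores are assumed to be a "maliciousness" score in [0, 1]; higher = more suspicious.
SAMPLE_LABELS: List[int] = [0] * 18 + [1, 1]
SAMPLE_SCORES: List[float] = [
    0.05, 0.10, 0.12, 0.15, 0.20, 0.22, 0.25, 0.30, 0.33, 0.35,
    0.40, 0.42, 0.45, 0.48, 0.52, 0.55, 0.60, 0.70,   # normal user-days
    0.65, 0.85,                                       # malicious user-days
]


def confusion(y_true: Sequence[int], y_score: Sequence[float],
              threshold: float) -> Tuple[int, int, int, int]:
    """Return (tp, fp, tn, fn) when scores >= threshold are flagged malicious."""
    tp = fp = tn = fn = 0
    for y, s in zip(y_true, y_score):
        flagged = s >= threshold
        if flagged and y == 1:
            tp += 1
        elif flagged and y == 0:
            fp += 1
        elif not flagged and y == 0:
            tn += 1
        else:
            fn += 1
    return tp, fp, tn, fn


def precision(tp: int, fp: int) -> float:
    # Defined as 0 when nothing is flagged, so the "flag nobody" baseline
    # does not divide by zero.
    return tp / (tp + fp) if tp + fp else 0.0


def recall(tp: int, fn: int) -> float:
    return tp / (tp + fn) if tp + fn else 0.0


def f_score(p: float, r: float, beta: float = 1.0) -> float:
    """F-beta score; beta=1 is the usual F1 (harmonic mean of P and R)."""
    if p == 0.0 and r == 0.0:
        return 0.0
    b2 = beta * beta
    return (1 + b2) * p * r / (b2 * p + r)


def auc_roc(y_true: Sequence[int], y_score: Sequence[float]) -> float:
    """Threshold-free AUC-ROC via the Mann-Whitney formulation: the probability
    that a random malicious user-day scores above a random normal one, ties
    counting one half. This equals the area under the ROC curve."""
    pos = [s for y, s in zip(y_true, y_score) if y == 1]
    neg = [s for y, s in zip(y_true, y_score) if y == 0]
    if not pos or not neg:
        raise ValueError("AUC-ROC needs at least one positive and one negative")
    wins = 0.0
    for p in pos:
        for n in neg:
            if p > n:
                wins += 1.0
            elif p == n:
                wins += 0.5
    return wins / (len(pos) * len(neg))


def evaluate(y_true: Sequence[int], y_score: Sequence[float],
             threshold: float = 0.5) -> Dict[str, float]:
    """All five metrics named in the abstract at one decision threshold."""
    tp, fp, tn, fn = confusion(y_true, y_score, threshold)
    p, r = precision(tp, fp), recall(tp, fn)
    return {
        "accuracy": (tp + tn) / len(y_true),
        "precision": p,
        "recall": r,
        "f1": f_score(p, r),
        "auc_roc": auc_roc(y_true, y_score),
    }


def best_f1_threshold(y_true: Sequence[int],
                      y_score: Sequence[float]) -> Tuple[float, float]:
    """Sweep every distinct score as a threshold; return (threshold, f1) for
    the best F1, i.e. the operating point a detector tuner would pick."""
    best_t, best_f = 0.0, -1.0
    for t in sorted(set(y_score)):
        tp, fp, _, fn = confusion(y_true, y_score, t)
        f = f_score(precision(tp, fp), recall(tp, fn))
        if f > best_f:
            best_t, best_f = t, f
    return best_t, best_f


if __name__ == "__main__":
    print("detector @0.5:", evaluate(SAMPLE_LABELS, SAMPLE_SCORES, 0.5))
    print("flag nobody  :", evaluate(SAMPLE_LABELS, SAMPLE_SCORES, 1.01))
    print("best F1 thr  :", best_f1_threshold(SAMPLE_LABELS, SAMPLE_SCORES))
```

On this constructed sample the detector at threshold 0.5 reaches Accuracy 0.80 with Recall 1.0, F1 0.5 and AUC-ROC 35/36, whereas flagging nobody scores Accuracy 0.90 with Recall and F1 of 0. The threshold sweep finds F1 0.8 at 0.65, which is the kind of operating-point choice that per-threshold metrics support and AUC-ROC alone does not.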
DOI: 10.1109/ICSCCC51823.2021.9478137
Citation Key: singh_user_2021