GRU and Multi-autoencoder based Insider Threat Detection for Cyber Security

Title: GRU and Multi-autoencoder based Insider Threat Detection for Cyber Security
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Meng, Fanzhi; Lu, Peng; Li, Junhao; Hu, Teng; Yin, Mingyong; Lou, Fang
Conference Name: 2021 IEEE Sixth International Conference on Data Science in Cyberspace (DSC)
Keywords: anomaly detection, composability, Correlation, Cyberspace, Data Science, Filtering, Forestry, GRU, Human Behavior, insider threat, Logic gates, Measurement, Metrics, multi-autoencoder, multi-head attention, policy-based governance, pubcrawl
Abstract: The concealment and confusion nature of insider threat makes it a challenging task for security analysts to identify insider threat from log data. To detect insider threat, we propose a novel gated recurrent unit (GRU) and multi-autoencoder based insider threat detection method, which is an unsupervised anomaly detection method. It takes advantage of the extremely unbalanced characteristic of insider threat data and constructs a normal behavior autoencoder with low reconfiguration error through multi-level filter behavior learning, and identifies the behavior data with high reconfiguration error as abnormal behavior. In order to achieve the high efficiency of calculation and detection, GRU and multi-head attention are introduced into the autoencoder. Use dataset v6.2 of the CERT insider threat as validation data and threat detection recall as evaluation metric. The experimental results show that the effect of the proposed method is obviously better than that of Isolation Forest, LSTM autoencoder and multi-channel autoencoders based insider threat detection methods, and it's an effective insider threat detection technology.
DOI: 10.1109/DSC53577.2021.00035
Citation Key: meng_gru_2021