| Title | DeepMIT: A Novel Malicious Insider Threat Detection Framework based on Recurrent Neural Network |
| Publication Type | Conference Paper |
| Year of Publication | 2021 |
| Authors | Sun, Degang, Liu, Meichen, Li, Meimei, Shi, Zhixin, Liu, Pengcheng, Wang, Xu |
| Conference Name | 2021 IEEE 24th International Conference on Computer Supported Cooperative Work in Design (CSCWD) |
| Date Published | may |
| Keywords | component, composability, Deep Learning, feature extraction, formatting, Human Behavior, insert, insider threat, Metrics, object detection, performance evaluation, policy-based governance, Predictive models, pubcrawl, Real-time Systems, Recurrent neural networks, style, styling |
| Abstract | Currently, more and more malicious insiders are making threats, and the detection of insider threats is becoming more challenging. The malicious insider often uses legitimate access privileges and mimic normal behaviors to evade detection, which is difficult to be detected via using traditional defensive solutions. In this paper, we propose DeepMIT, a malicious insider threat detection framework, which utilizes Recurrent Neural Network (RNN) to model user behaviors as time sequences and predict the probabilities of anomalies. This framework allows DeepMIT to continue learning, and the detections are made in real time, that is, the anomaly alerts are output as rapidly as data input. Also, our framework conducts further insight of the anomaly scores and provides the contributions to the scores and, thus, significantly helps the operators to understand anomaly scores and take further steps quickly(e.g. Block insider's activity). In addition, DeepMIT utilizes user-attributes (e.g. the personality of the user, the role of the user) as categorical features to identify the user's truly typical behavior, which help detect malicious insiders who mimic normal behaviors. Extensive experimental evaluations over a public insider threat dataset CERT (version 6.2) have demonstrated that DeepMIT has outperformed other existing malicious insider threat solutions. |
| DOI | 10.1109/CSCWD49262.2021.9437887 |
| Citation Key | sun_deepmit_2021 |
DeepMIT: A Novel Malicious Insider Threat Detection Framework based on Recurrent Neural Network