Insider Threat Detection Based on User Historical Behavior and Attention Mechanism

Title: Insider Threat Detection Based on User Historical Behavior and Attention Mechanism
Publication Type: Conference Paper
Year of Publication: 2021
Authors: He, Weiyu; Wu, Xu; Wu, Jingchen; Xie, Xiaqing; Qiu, Lirong; Sun, Lijuan
Conference Name: 2021 IEEE Sixth International Conference on Data Science in Cyberspace (DSC)
Date Published: oct
Keywords: anomaly detection, attention mechanism, composability, Conferences, Cyberspace, data mining, Data Science, History, Human Behavior, insider threat, Insider Threat Detection, Metrics, Neural networks, Organizations, policy-based governance, pubcrawl, Recurrent neural networks
Abstract: Insider threat makes enterprises or organizations suffer from the loss of property and the negative influence of reputation. User behavior analysis is the mainstream method of insider threat detection, but due to the lack of fine-grained detection and the inability to effectively capture the behavior patterns of individual users, the accuracy and precision of detection are insufficient. To solve this problem, this paper designs an insider threat detection method based on user historical behavior and attention mechanism, including using Long Short Term Memory (LSTM) to extract user behavior sequence information, using Attention-based on user history behavior (ABUHB) learns the differences between different user behaviors, uses Bidirectional-LSTM (Bi-LSTM) to learn the evolution of different user behavior patterns, and finally realizes fine-grained user abnormal behavior detection. To evaluate the effectiveness of this method, experiments are conducted on the CMU-CERT Insider Threat Dataset. The experimental results show that the effectiveness of this method is 3.1% to 6.3% higher than that of other comparative model methods, and it can detect insider threats in different user behaviors with fine granularity.
DOI: 10.1109/DSC53577.2021.00089
Citation Key: he_insider_2021