A COMPARATIVE ANALYSIS OF DEEP LEARNING TECHNIQUES FOR INSIDER THREAT DETECTION
Date
2024-06-28
Publisher
FUW Trends in Science&Technology Journal
Abstract
An insider threat is malicious activity carried out by an employee, contractor or vendor who holds
authorised access to an organisation's IT assets, with significant negative impact on its data and
information resources. Existing literature reviews have identified shortcomings in the use of diverse data
domains (system log files, file processes, logon records, HTTP, email, external drives and the Lightweight
Directory Access Protocol (LDAP)) to build techniques that identify insiders posing a threat to an
organisation with minimal false positives. This study instead works from a domain it treats as more robust,
LAN data packets, to assess user activity on the organisation's local area network: it monitors deviations
from the normal flow of packets and classifies each anomaly as malicious or benign. The dataset evaluated is
KDD CUP '99, a synthetic dataset widely recognised as one of the few publicly accessible benchmarks for
network-based anomaly detection (it was produced for network intrusion detection rather than for
insider-threat studies). The proposed stacked ensemble model achieves an accuracy of 98%, compared with
91.88% for Naïve Bayes and 98.58% for KNN as individual classifiers; on accuracy alone it therefore exceeds
Naïve Bayes but not KNN as reported. The model can be improved by incorporating additional user behaviours,
such as email communication, browser activity and file access, to enhance accuracy and applicability.
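The stacking scheme the abstract describes, as an added example that is not the paper's code or data: two level-0 classifiers (a Gaussian Naïve Bayes and a k-nearest-neighbour model) score each flow, and a level-1 logistic regression is trained on their out-of-fold probabilities to produce the final malicious/benign decision. The flows are constructed here from four KDD'99-style feature names (duration, src_bytes, dst_bytes, count); the value ranges, class mix, k, fold count and learning rate are all assumptions chosen for illustration, not figures from the paper.

```python
"""Stacked ensemble (Naive Bayes + KNN) for packet-flow anomaly classification.
Added example, not the paper's code: pure-Python stacking on a constructed dataset
(benign vs flood-like and exfil-like flows). Values and hyperparameters are assumptions."""
import math
import random

def make_flows(n, seed=0):
    """Constructed flows as [duration, src_bytes, dst_bytes, count]; label 0 = benign, 1 = malicious."""
    rng, X, y = random.Random(seed), [], []
    for _ in range(n):
        r = rng.random()
        if r < 0.6:    # benign: short sessions, balanced bytes, few connections
            X.append([rng.gauss(30, 10), rng.gauss(1500, 400), rng.gauss(3000, 800), rng.gauss(5, 2)])
        elif r < 0.8:  # flood-like: many tiny connections, almost no response bytes
            X.append([rng.gauss(0.5, 0.3), rng.gauss(60, 20), rng.gauss(0, 5), rng.gauss(200, 40)])
        else:          # exfil-like: few long sessions pushing large outbound volumes
            X.append([rng.gauss(600, 120), rng.gauss(2e5, 4e4), rng.gauss(500, 200), rng.gauss(2, 1)])
        y.append(0 if r < 0.6 else 1)
    return X, y

def standardize(train, *others):
    """Z-score each dataset with the training set's per-feature mean and std."""
    cols = list(zip(*train))
    mu = [sum(c) / len(c) for c in cols]
    sd = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0 for c, m in zip(cols, mu)]
    return [[[(v - m) / s for v, m, s in zip(row, mu, sd)] for row in X] for X in (train,) + others]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

class GaussianNB:
    """Per-class diagonal Gaussians; predict_proba returns P(malicious | x)."""
    def fit(self, X, y):
        self.prior, self.mu, self.var = {}, {}, {}
        for c in (0, 1):
            cols = list(zip(*[x for x, t in zip(X, y) if t == c]))
            self.prior[c] = len(cols[0]) / len(X)
            self.mu[c] = [sum(col) / len(col) for col in cols]
            self.var[c] = [sum((v - m) ** 2 for v in col) / len(col) + 1e-6 for col, m in zip(cols, self.mu[c])]
        return self

    def predict_proba(self, x):
        logp = [math.log(self.prior[c]) + sum(-0.5 * math.log(2 * math.pi * s2) - (v - m) ** 2 / (2 * s2)
                                             for v, m, s2 in zip(x, self.mu[c], self.var[c])) for c in (0, 1)]
        top = max(logp)  # subtract the max before exponentiating to avoid underflow
        return math.exp(logp[1] - top) / (math.exp(logp[0] - top) + math.exp(logp[1] - top))

class KNN:
    """Euclidean k-nearest neighbours (k=5); predict_proba = malicious share among the k."""
    k = 5

    def fit(self, X, y):
        self.X, self.y = X, y
        return self

    def predict_proba(self, x):
        near = sorted((sum((a - b) ** 2 for a, b in zip(x, row)), t) for row, t in zip(self.X, self.y))
        return sum(t for _, t in near[:self.k]) / self.k

class Stack:
    """Level 0: GaussianNB + KNN. Level 1: logistic regression fitted on their
    out-of-fold probabilities, so the meta-learner never sees in-sample scores."""
    def __init__(self, folds=5, epochs=300, lr=0.5):
        self.folds, self.epochs, self.lr = folds, epochs, lr

    def fit(self, X, y):
        n, order = len(X), list(range(len(X)))
        random.Random(1).shuffle(order)
        meta = [None] * n
        for f in range(self.folds):
            hold = set(order[f::self.folds])
            keep = [i for i in range(n) if i not in hold]
            nb = GaussianNB().fit([X[i] for i in keep], [y[i] for i in keep])
            knn = KNN().fit([X[i] for i in keep], [y[i] for i in keep])
            for i in hold:
                meta[i] = (nb.predict_proba(X[i]), knn.predict_proba(X[i]))
        self.w, self.b = [0.0, 0.0], 0.0
        for _ in range(self.epochs):  # batch gradient descent on logistic loss
            err = [sigmoid(self.w[0] * p_nb + self.w[1] * p_knn + self.b) - t for (p_nb, p_knn), t in zip(meta, y)]
            self.w = [self.w[j] - self.lr * sum(e * m[j] for e, m in zip(err, meta)) / n for j in (0, 1)]
            self.b -= self.lr * sum(err) / n
        self.nb, self.knn = GaussianNB().fit(X, y), KNN().fit(X, y)  # level 0 refit on all data
        return self

    def predict_proba(self, x):
        return sigmoid(self.w[0] * self.nb.predict_proba(x) + self.w[1] * self.knn.predict_proba(x) + self.b)

def accuracy(model, X, y):
    return sum((model.predict_proba(x) >= 0.5) == bool(t) for x, t in zip(X, y)) / len(y)

def run(n_train=400, n_test=200):
    """Fit the two base classifiers and the stack; return held-out accuracy of each."""
    Xtr, ytr = make_flows(n_train, seed=0)
    Xte, yte = make_flows(n_test, seed=1)
    Xtr, Xte = standardize(Xtr, Xte)
    models = {"naive_bayes": GaussianNB().fit(Xtr, ytr), "knn": KNN().fit(Xtr, ytr), "stack": Stack().fit(Xtr, ytr)}
    return {name: accuracy(m, Xte, yte) for name, m in models.items()}

if __name__ == "__main__":
    print(run())
```

Calling `run()` fits all three models on one constructed training split and scores a separate constructed test split, so the three accuracies are directly comparable in the way the abstract compares them. The out-of-fold step in `Stack.fit` is the part that matters in practice: if the meta-learner were trained on in-sample base predictions, KNN would score its own training points as near-perfect and the stack would simply learn to trust KNN, which is how an ensemble can end up no better than its strongest member.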