Research Output

Deep Learning and Dempster-Shafer Theory Based Insider Threat Detection

  Organizations' own personnel now have a greater ability than ever before to misuse their access to critical organizational assets. Insider threat detection is a key component in identifying rare anomalies in context, which is a growing concern for many organizations. Existing perimeter security mechanisms are proving to be ineffective against insider threats. As a prospective filter for the human analysts, a new deep learning based insider threat detection method that uses the Dempster-Shafer theory is proposed to handle both accidental as well as intentional insider threats via organization's channels of communication in real time. The long short-term memory (LSTM) architecture is applied to a recurrent neural network (RNN) in this work to detect anomalous network behavior patterns. Furthermore, belief is updated with Dempster's conditional rule and utilized to fuse evidence to achieve enhanced prediction. The CERT Insider Threat Dataset v6.2 is used to train the behavior model. Through performance evaluation, our proposed method is proven to be effective as an insider threat detection technique.

  • Type:

    Article

  • Date:

    09 October 2020

  • Publication Status:

    In Press

  • DOI:

    10.1007/s11036-020-01656-7

  • ISSN:

    1383-469X

  • Library of Congress:

    QA75 Electronic computers. Computer science

  • Dewey Decimal Classification:

    005 Computer programming, programs & data

  • Funders:

    Edinburgh Napier Funded

Citation

Tian, Z., Shi, W., Tan, Z., Qiu, J., Sun, Y., Jiang, F., & Liu, Y. (in press). Deep Learning and Dempster-Shafer Theory Based Insider Threat Detection. Mobile Networks and Applications, https://doi.org/10.1007/s11036-020-01656-7

Authors

Keywords

Deep learning, Insider threat, Network security, Recurrent neural networks

Monthly Views:

Available Documents