Research Output

Predicting Malicious Insider Threat Scenarios Using Organizational Data and a Heterogeneous Stack-Classifier

  Insider threats continue to present a major challenge for the information security community. Despite constant research taking place in this area; a substantial gap still exists between the requirements of this community and the solutions that are currently available. This paper uses the CERT dataset r4.2 along with a series of machine learning classifiers to predict the occurrence of a particular malicious insider threat scenario-the uploading sensitive information to wiki leaks before leaving the organization. These algorithms are aggregated into a meta-classifier which has a stronger predictive performance than its constituent models. It also defines a methodology for performing pre-processing on organizational log data into daily user summaries for classification, and is used to train multiple classifiers. Boosting is also applied to optimise classifier accuracy. Overall the models are evaluated through analysis of their associated confusion matrix and Receiver Operating Characteristic (ROC) curve, and the best performing classifiers are aggregated into an ensemble classifier. This meta-classifier has an accuracy of 96.2% with an area under the ROC curve of 0.988.

  • Date:

    14 November 2018

  • Publication Status:

    Accepted

  • Library of Congress:

    QA76 Computer software

  • Dewey Decimal Classification:

    005.8 Data security

  • Funders:

    Edinburgh Napier Funded

Citation

Hall, A. J., Pitropakis, N., Buchanan, W. J., & Moradpoor, N. (in press). Predicting Malicious Insider Threat Scenarios Using Organizational Data and a Heterogeneous Stack-Classifier. In Proceedings Cyberhunt 2018

Authors

Keywords

Classification; Malicious Insider Threat; Machine- Learning; Supervised Learning; Security

Monthly Views:

Available Documents

  • pdf

    Naghmeh

    650KB
    Number of Downloads in the past year: 18

    © © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

  • Downloadable citations

    HTML BIB RTF