Adam James Hall
Predicting Malicious Insider Threat Scenarios Using Organizational Data and a Heterogeneous Stack-Classifier
Hall, Adam James; Pitropakis, Nikolaos; Buchanan, William J; Moradpoor, Naghmeh
Authors
Dr Nick Pitropakis N.Pitropakis@napier.ac.uk
Associate Professor
Prof Bill Buchanan B.Buchanan@napier.ac.uk
Professor
Dr Naghmeh Moradpoor Sheykhkanloo N.Moradpoor@napier.ac.uk
Lecturer
Abstract
Insider threats continue to present a major challenge for the information security community. Despite constant research taking place in this area, a substantial gap still exists between the requirements of this community and the solutions that are currently available. This paper uses the CERT dataset r4.2 along with a series of machine learning classifiers to predict the occurrence of a particular malicious insider threat scenario: the uploading of sensitive information to WikiLeaks before leaving the organization. These algorithms are aggregated into a meta-classifier which has a stronger predictive performance than its constituent models. It also defines a methodology for performing pre-processing on organizational log data into daily user summaries for classification, and is used to train multiple classifiers. Boosting is also applied to optimise classifier accuracy. Overall, the models are evaluated through analysis of their associated confusion matrix and Receiver Operating Characteristic (ROC) curve, and the best performing classifiers are aggregated into an ensemble classifier. This meta-classifier has an accuracy of 96.2% with an area under the ROC curve of 0.988.
Citation
Hall, A. J., Pitropakis, N., Buchanan, W. J., & Moradpoor, N. (2019). Predicting Malicious Insider Threat Scenarios Using Organizational Data and a Heterogeneous Stack-Classifier. In 2018 IEEE International Conference on Big Data (Big Data). https://doi.org/10.1109/BigData.2018.8621922
Conference Name | International Workshop on Big Data Analytics for Cyber Threat Hunting |
---|---|
Conference Location | Seattle, WA, USA |
Start Date | Dec 10, 2018 |
End Date | Dec 13, 2018 |
Acceptance Date | Nov 14, 2018 |
Online Publication Date | Jan 24, 2019 |
Publication Date | Jan 24, 2019 |
Deposit Date | Nov 20, 2018 |
Publicly Available Date | Jan 24, 2019 |
Publisher | Institute of Electrical and Electronics Engineers |
Book Title | 2018 IEEE International Conference on Big Data (Big Data) |
DOI | https://doi.org/10.1109/BigData.2018.8621922 |
Keywords | Classification; Malicious Insider Threat; Machine-Learning; Supervised Learning; Security |
Public URL | http://researchrepository.napier.ac.uk/Output/1370217 |
Files
Predicting Malicious Insider Threat Scenarios Using Organizational Data and a Heterogeneous Stack-Classifier (accepted version)
(666 Kb)
PDF
Copyright Statement
© 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.