Adam James Hall
Predicting Malicious Insider Threat Scenarios Using Organizational Data and a Heterogeneous Stack-Classifier
Hall, Adam James; Pitropakis, Nikolaos; Buchanan, William J; Moradpoor, Naghmeh
Authors
Dr Nick Pitropakis N.Pitropakis@napier.ac.uk
Associate Professor
Prof Bill Buchanan B.Buchanan@napier.ac.uk
Professor
Dr Naghmeh Moradpoor N.Moradpoor@napier.ac.uk
Associate Professor
Abstract
Insider threats continue to present a major challenge for the information security community. Despite constant research taking place in this area; a substantial gap still exists between the requirements of this community and the solutions that are currently available. This paper uses the CERT dataset r4.2 along with a series of machine learning classifiers to predict the occurrence of a particular malicious insider threat scenario-the uploading sensitive information to wiki leaks before leaving the organization. These algorithms are aggregated into a meta-classifier which has a stronger predictive performance than its constituent models. It also defines a methodology for performing pre-processing on organizational log data into daily user summaries for classification, and is used to train multiple classifiers. Boosting is also applied to optimise classifier accuracy. Overall the models are evaluated through analysis of their associated confusion matrix and Receiver Operating Characteristic (ROC) curve, and the best performing classifiers are aggregated into an ensemble classifier. This meta-classifier has an accuracy of 96.2% with an area under the ROC curve of 0.988.
Citation
Hall, A. J., Pitropakis, N., Buchanan, W. J., & Moradpoor, N. (2018, December). Predicting Malicious Insider Threat Scenarios Using Organizational Data and a Heterogeneous Stack-Classifier. Presented at International Workshop on Big Data Analytics for Cyber Threat Hunting, Seattle, WA, USA
| Presentation Conference Type | Conference Paper (published) |
|---|---|
| Conference Name | International Workshop on Big Data Analytics for Cyber Threat Hunting |
| Start Date | Dec 10, 2018 |
| End Date | Dec 13, 2018 |
| Acceptance Date | Nov 14, 2018 |
| Online Publication Date | Jan 24, 2019 |
| Publication Date | Jan 24, 2019 |
| Deposit Date | Nov 20, 2018 |
| Publicly Available Date | Jan 24, 2019 |
| Publisher | Institute of Electrical and Electronics Engineers |
| Book Title | 2018 IEEE International Conference on Big Data (Big Data) |
| DOI | https://doi.org/10.1109/BigData.2018.8621922 |
| Keywords | Classification; Malicious Insider Threat; Machine-Learning; Supervised Learning; Security |
| Public URL | http://researchrepository.napier.ac.uk/Output/1370217 |
| Contract Date | Nov 20, 2018 |
Files
Predicting Malicious Insider Threat Scenarios Using Organizational Data and a Heterogeneous Stack-Classifier (accepted version)
(666 Kb)
PDF
Copyright Statement
© © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
You might also like
Towards The Creation Of The Future Fish Farm
(2023)
Journal Article
Using Social Media & Sentiment Analysis to Make Investment Decisions
(2022)
Journal Article