Deep Learning and Dempster-Shafer Theory Based Insider Threat Detection

Tian, Zhihong; Shi, Wei; Tan, Zhiyuan; Qiu, Jing; Sun, Yanbin; Jiang, Feng; Liu, Yan

doi:10.1007/s11036-020-01656-7

Deep Learning and Dempster-Shafer Theory Based Insider Threat Detection

Tian, Zhihong; Shi, Wei; Tan, Zhiyuan; Qiu, Jing; Sun, Yanbin; Jiang, Feng; Liu, Yan

Authors

Zhihong Tian

Wei Shi

Dr Thomas Tan Z.Tan@napier.ac.uk
Associate Professor

Jing Qiu

Yanbin Sun

Feng Jiang

Yan Liu

Abstract

Organizations' own personnel now have a greater ability than ever before to misuse their access to critical organizational assets. Insider threat detection is a key component in identifying rare anomalies in context, which is a growing concern for many organizations. Existing perimeter security mechanisms are proving to be ineffective against insider threats. As a prospective filter for the human analysts, a new deep learning based insider threat detection method that uses the Dempster-Shafer theory is proposed to handle both accidental as well as intentional insider threats via organization's channels of communication in real time. The long short-term memory (LSTM) architecture is applied to a recurrent neural network (RNN) in this work to detect anomalous network behavior patterns. Furthermore, belief is updated with Dempster's conditional rule and utilized to fuse evidence to achieve enhanced prediction. The CERT Insider Threat Dataset v6.2 is used to train the behavior model. Through performance evaluation, our proposed method is proven to be effective as an insider threat detection technique.

Citation

Tian, Z., Shi, W., Tan, Z., Qiu, J., Sun, Y., Jiang, F., & Liu, Y. (online). Deep Learning and Dempster-Shafer Theory Based Insider Threat Detection. Mobile Networks and Applications, https://doi.org/10.1007/s11036-020-01656-7

Journal Article Type	Article
Acceptance Date	May 22, 2019
Online Publication Date	Oct 9, 2020
Deposit Date	May 22, 2019
Publicly Available Date	Oct 10, 2021
Journal	Mobile Networks and Applications
Print ISSN	1383-469X
Electronic ISSN	1572-8153
Publisher	Springer
Peer Reviewed	Peer Reviewed
DOI	https://doi.org/10.1007/s11036-020-01656-7
Keywords	Deep learning, Insider threat, Network security, Recurrent neural networks
Public URL	http://researchrepository.napier.ac.uk/Output/1820856
Contract Date	Jul 12, 2019

Files

Deep Learning and Dempster-Shafer Theory Based Insider Threat Detection (1.3 Mb)
PDF

Copyright Statement
“This is a post-peer-review, pre-copyedit version of an article published in Mobile Networks and Applications. The final authenticated version is available online at: http://dx.doi.org/[insert DOI]”.