TY - GEN
T1 - Users’ Scenario-Base for Analysing Insider Threat Detection Based on User’s Downloads Activity Logs
AU - Padiet, Peter
AU - Islam, Rafiqul
AU - Khan, M. Arif
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.
PY - 2024
Y1 - 2024
N2 - The persistence and growth of insider threats pose a significant challenge to the information security community. Malicious insiders have been identified as one of the most detrimental threats to the sensitive data and systems of enterprises and government agencies. Detecting insider threats presents a unique set of challenges, including dealing with large and imbalanced datasets and the limited availability of ground-truth information. Insider threats pose a serious risk to organisations, financial institutions, and government agencies. Former and current employees often exploit their trusted positions to disrupt regular organisational functions or unlawfully disclose classified or confidential information for personal or group gain. These actions can lead to severe financial, reputational, and operational consequences for the affected entities. To address this pressing issue, the research presented in this paper proposes a user-centric approach to insider threat detection. This approach leverages download activity logs to analyse and detect patterns associated with insider threats. By examining user behaviours related to downloading activity, valuable insights can be gained and existing detection techniques can be enhanced. The proposed methodology aims to provide practical solutions for identifying and mitigating potential insider threats within organisations. Among the selected classifiers, RandomTree exhibited the highest accuracy of 0.981, making it the most suitable option for the insider threat detection system. The accuracy rate indicates the overall correctness of the model’s predictions, with a higher value indicating better performance in classifying instances correctly.
KW - Anomaly detection
KW - Classified information
KW - Insider threat detection
KW - Machine learning
KW - Unbalanced data
UR - http://www.scopus.com/inward/record.url?scp=85189368278&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85189368278&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-53963-3_30
DO - 10.1007/978-3-031-53963-3_30
M3 - Conference paper
AN - SCOPUS:85189368278
SN - 9783031539626
T3 - Lecture Notes in Networks and Systems
SP - 457
EP - 472
BT - Advances in Information and Communication - Proceedings of the 2024 Future of Information and Communication Conference FICC
A2 - Arai, Kohei
PB - Springer Science and Business Media Deutschland GmbH
CY - Switzerland
T2 - Future of Information and Communication Conference, FICC 2024
Y2 - 4 April 2024 through 5 April 2024
ER -