Users’ Scenario-Base for Analysing Insider Threat Detection Based on User’s Downloads Activity Logs

Research output: Book chapter/Published conference paper › Conference paper › peer-review

Abstract

The persistence and growth of insider threats pose a significant challenge to the information security community. Malicious insiders have been identified as one of the most detrimental threats to sensitive data including systems of enterprises and government agencies. Detecting insider threats presents a unique set of challenges, including dealing with large and imbalanced datasets and limited availability of ground truth information. Insider threats pose a serious risk to organizations, financial institutions, and government agencies. Former and current employees often exploit their trusted positions to disrupt regular organizational functions or unlawfully disclose classified or confidential information for personal or group gain. These actions can lead to severe financial, reputational, and operational consequences for the affected entities. To address this pressing issue, the research presented in this paper proposes a user-centric approach for insider threat detection. This approach focuses on leveraging downloads activity logs to analyse and detect patterns associated with insider threats. By examining user behaviours related to downloading activities, valuable insights can be gained, and existing detection techniques can be enhanced. The proposed methodology aims to provide practical solutions for identifying and mitigating potential insider threats within organisations. Among the selected classifiers, RandomTree exhibited the highest accuracy rate of 0.981%, making it the most suitable option for the insider threat detection system. The accuracy rate indicates the overall correctness of the model’s predictions, with a higher value indicating a better performance in classifying instances correctly.

Original language: English
Title of host publication: Advances in Information and Communication - Proceedings of the 2024 Future of Information and Communication Conference FICC
Subtitle of host publication: Proceedings of the 2024 Future of Information and Communication Conference (FICC)
Editors: Kohei Arai
Place of Publication: Switzerland
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 457-472
Number of pages: 16
ISBN (Electronic): 978-3-031-53963-3
ISBN (Print): 9783031539626
Publication status: Published - 2024
Event: Future of Information and Communication Conference, FICC 2024 - Berlin, Germany
Duration: 04 Apr 2024 to 05 Apr 2024

Publication series

Name: Lecture Notes in Networks and Systems
Volume: 920 LNNS
ISSN (Print): 2367-3370
ISSN (Electronic): 2367-3389

Conference

Conference: Future of Information and Communication Conference, FICC 2024
Country/Territory: Germany
City: Berlin
Period: 04/04/24 to 05/04/24
