Abstract

Insider threats pose a significant security challenge to organizational assets and sensitive information. This paper presents a novel approach to insider threat detection that categorizes features into behavioral types: Time-related, User-related, Project and Role-related, Activity-related, Logon-related, USB-related, File-related, and Email-related features. Using a comprehensive dataset of 830 features, the paper addresses class imbalance with the Synthetic Minority Over-sampling Technique (SMOTE), which balances the classes while preserving the patterns in the data. Dividing features into distinct behavioral categories sharpens threat detection by letting each classifier focus on the patterns and anomalies specific to one kind of behavior. The evaluation of machine learning classifiers demonstrates high accuracy across the feature types: Random Forest achieved 76.4% for Time-related, 96.4% for User-related, 85.3% for Project and Role-related, 91.2% for Activity-related, 65.3% for Logon-related, 81.4% for USB-related, 92.5% for File-related, and 99.8% for Email-related features. Artificial Neural Networks (ANN) showed good performance with 72% for Time-related, 85% for User-related, 87.6% for Project and Role-related, 75% for Activity-related, 65.5% for Logon-related, 89.7% for USB-related, 86.5% for File-related, and 90% for Email-related features. This work underscores the effectiveness of feature categorization and SMOTE in enhancing classifier performance and provides practical insights for improving organizational security against insider threats.
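To make the two ideas in the abstract concrete, here is an added example (not the paper's code or data) that groups feature names into the behavioral categories by an assumed naming prefix, then rebalances the training split with a minimal SMOTE written here in pure Python so it runs without imbalanced-learn or scikit-learn. The per-user Logon-related rows are constructed for the example; the point the code makes beyond the abstract is that oversampling has to happen after the hold-out split, otherwise synthetic copies of test-set insiders leak into training and inflate the reported accuracy.

```python
"""
Added illustration, not the paper's implementation: behavioral feature grouping
plus a minimal SMOTE for the insider (minority) class. Feature names, the
prefix convention and the sample rows are all assumptions made for the example.
"""
import random

# Assumed convention: feature names start with a category prefix, e.g. "logon_failures".
CATEGORY_PREFIXES = {
    "time": "Time-related",
    "user": "User-related",
    "role": "Project and Role-related",
    "act": "Activity-related",
    "logon": "Logon-related",
    "usb": "USB-related",
    "file": "File-related",
    "email": "Email-related",
}


def group_features(feature_names):
    """Map each feature name to the behavioral category its prefix denotes."""
    groups = {label: [] for label in CATEGORY_PREFIXES.values()}
    for name in feature_names:
        prefix = name.split("_", 1)[0]
        if prefix not in CATEGORY_PREFIXES:
            raise ValueError(f"unknown feature prefix in {name!r}")
        groups[CATEGORY_PREFIXES[prefix]].append(name)
    return groups


def _dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5


def smote(minority, n_new, k=3, rng=None):
    """Create n_new synthetic rows: pick a minority row, pick one of its k nearest
    minority neighbours, and interpolate a random fraction of the way toward it."""
    rng = rng or random.Random(0)
    if len(minority) < 2:
        raise ValueError("SMOTE needs at least two minority rows to interpolate")
    k = min(k, len(minority) - 1)
    synthetic = []
    for _ in range(n_new):
        base = rng.choice(minority)
        neighbours = sorted((r for r in minority if r is not base),
                            key=lambda r: _dist(base, r))[:k]
        nb = rng.choice(neighbours)
        gap = rng.random()  # 0 <= gap < 1 keeps the point on the segment base -> nb
        synthetic.append([b + gap * (n - b) for b, n in zip(base, nb)])
    return synthetic


def balance_training_set(X, y, positive=1, rng=None):
    """Oversample the positive (insider) class until it matches the negative class."""
    pos = [x for x, lab in zip(X, y) if lab == positive]
    neg = [x for x, lab in zip(X, y) if lab != positive]
    n_new = len(neg) - len(pos)
    if n_new <= 0:
        return list(X), list(y)
    return list(X) + smote(pos, n_new, rng=rng), list(y) + [positive] * n_new


def split_then_balance(X, y, test_indices, rng=None):
    """Hold out the test rows FIRST, then oversample only the remaining training rows,
    so no synthetic point is derived from a row the model is later scored on."""
    held = set(test_indices)
    X_tr = [x for i, x in enumerate(X) if i not in held]
    y_tr = [lab for i, lab in enumerate(y) if i not in held]
    X_te = [X[i] for i in test_indices]
    y_te = [y[i] for i in test_indices]
    X_bal, y_bal = balance_training_set(X_tr, y_tr, rng=rng)
    return X_bal, y_bal, X_te, y_te


# Constructed sample (not from the paper): one Logon-related row per user,
# [after-hours logons, distinct PCs used, failed logons]; label 1 = insider.
LOGON_FEATURES = ["logon_after_hours", "logon_distinct_pcs", "logon_failures"]
SAMPLE_X = [
    [0, 1, 0], [1, 1, 0], [0, 1, 1], [2, 2, 0], [0, 1, 0],
    [1, 1, 1], [0, 2, 0], [1, 1, 0], [0, 1, 0], [2, 1, 1],  # benign users
    [9, 6, 4], [12, 5, 7],                                  # flagged insiders
]
SAMPLE_Y = [0] * 10 + [1, 1]

if __name__ == "__main__":
    print(group_features(LOGON_FEATURES + ["usb_connects", "email_external_recipients"]))
    X_bal, y_bal, X_te, y_te = split_then_balance(SAMPLE_X, SAMPLE_Y, [0, 1])
    print(f"training rows after SMOTE: {y_bal.count(0)} benign, {y_bal.count(1)} insider")
    print("held-out rows untouched:", X_te, y_te)
```

Because every synthetic row lies on the segment between two real insider rows, the oversampled training set stays inside the region the real insiders occupy, which is the "preserves data patterns" property the abstract relies on; if the insider rows themselves are noisy or mislabelled, SMOTE will faithfully multiply that noise, so the minority labels deserve a manual review before rebalancing.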

Keywords

Insider Threat Detection, Behavioral Analysis, Machine Learning, CERT, ANN
