Insider Threat Detection Using Unsupervised Learning

Authors

  • Tushar Yadav  Dr. D. Y. Patil Institute of Technology, Pimpri, Pune, Maharashtra, India
  • Akash Manoj  Dr. D. Y. Patil Institute of Technology, Pimpri, Pune, Maharashtra, India
  • Tanishq Ghanshani  Dr. D. Y. Patil Institute of Technology, Pimpri, Pune, Maharashtra, India
  • Wajahat Hussain  Dr. D. Y. Patil Institute of Technology, Pimpri, Pune, Maharashtra, India
  • Dr. Kapil Vhatkar  Assistant Professor, Dr. D. Y. Patil Institute of Technology, Pimpri, Pune, Maharashtra, India

DOI:

https://doi.org/10.32628/IJSRSET2310647

Keywords:

ML-Machine Learning, Smart Irrigation, Precise, Sustainability, Predictive Modelling, Sensor Data, Crop Yield Optimization, SVM-Support Vector Machine, KNN-K Nearest Neighbors.

Abstract

In recent years, there has been a noticeable upsurge in insider threat incidents, resulting in substantial losses to companies and organizations. The escalating frequency of these incidents poses a formidable challenge to internal network security. Traditional intrusion detection methods, predominantly engineered to detect external threats, have proven insufficient in identifying the intricate and often subtle malicious behaviors of insiders. Consequently, there is an urgent need for innovative and effective solutions within the domain of insider threat detection technology. This research project addresses that need by introducing a novel and holistic approach to insider threat detection. Our methodology is grounded in two pivotal components, each designed to address specific facets of the challenge. The first pillar of our approach employs the tree structure method, a technique that dissects and comprehends user behavior. By employing a hierarchical structure to disentangle user actions, this method captures the dynamic relationships and dependencies inherent in human-computer interactions. The outcome of this analysis is the creation of feature sequences, chronicles of user actions ordered by time, providing a multifaceted and in-depth view of user behaviors. Complementing this framework is our incorporation of the Copula-Based Outlier Detection (COPOD) method. COPOD harnesses advanced statistical methodologies, notably copulas, to discern outliers and anomalies within the feature sequences derived from our user behavior analysis. This interplay of analytical methods allows us to single out and flag users whose behavior deviates from established norms, effectively identifying potential insider threats within the organization.
The efficacy and practicality of our approach were rigorously tested using the CERT-IT dataset, which encompasses a wide array of insider threat scenarios. Our experiments revealed the superior performance of our approach when compared to conventional methods, most notably the Isolation Forest technique. Crucial performance metrics, including accuracy, precision, recall, F1-score, and the area under the receiver operating characteristic curve (AUC), underscore the success of our method in safeguarding against insider threats. In summary, this research project stands as a significant contribution to the field of insider threat detection. Our synthesis of the tree structure method and COPOD offers a potent, versatile, and adaptive solution to the formidable challenges faced by organizations seeking to fortify the security of their internal networks. Moreover, our findings illuminate the potential of unsupervised machine learning techniques in combating insider threats with precision, providing a robust defense against the evolving and intricate threat landscape.
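As an added illustration (not code from the paper or its authors), the COPOD step of the pipeline above in Python: per-user feature vectors are built from a constructed, time-ordered activity log (flat counts stand in for the paper's tree-structure features, and the after-hours window is an assumption), then each user is scored by summing the negative log of the empirical left-tail, right-tail and skewness-corrected tail probabilities per feature and taking the maximum, so the top-scored users are the ones flagged for review.

```python
import math
from collections import defaultdict

# Constructed sample log, not CERT data: (user, hour_of_day, action). Four routine users plus u05, whose late-evening USB and file-copy burst should score highest.
LOG = [("u01", 9, "logon"), ("u01", 10, "file"), ("u01", 17, "logoff"),
       ("u02", 8, "logon"), ("u02", 11, "file"), ("u02", 14, "usb"), ("u02", 18, "logoff"),
       ("u03", 9, "logon"), ("u03", 13, "file"), ("u03", 16, "logoff"),
       ("u04", 10, "logon"), ("u04", 12, "file"), ("u04", 12, "file"), ("u04", 17, "logoff"),
       ("u05", 9, "logon"), ("u05", 22, "logon"), ("u05", 22, "usb"), ("u05", 23, "file"),
       ("u05", 23, "file"), ("u05", 23, "file"), ("u05", 23, "logoff")]

def feature_vectors(log):
    """Per-user counts over time-ordered actions: [logons, after_hours_logons, usb_connects, file_copies]."""
    vec = defaultdict(lambda: [0] * 4)
    for user, hour, action in sorted(log, key=lambda e: (e[0], e[1])):
        if action == "logon":
            vec[user][0] += 1
            vec[user][1] += int(hour < 7 or hour >= 20)  # hypothetical after-hours window
        elif action == "usb":
            vec[user][2] += 1
        elif action == "file":
            vec[user][3] += 1
    return dict(vec)

def copod_scores(rows):
    """COPOD: per dimension sum -log of empirical tail probabilities; max of left, right and skew-corrected sums."""
    n, cols = len(rows), list(zip(*rows))
    skew = []
    for col in cols:  # population skewness decides which tail the corrected score uses
        mean = sum(col) / n
        m2 = sum((v - mean) ** 2 for v in col) / n
        m3 = sum((v - mean) ** 3 for v in col) / n
        skew.append(m3 / m2 ** 1.5 if m2 > 0 else 0.0)
    scores = []
    for x in rows:
        left = right = corrected = 0.0
        for d, col in enumerate(cols):
            fl = sum(v <= x[d] for v in col) / n  # left-tail ECDF, never 0 because x is in col
            fr = sum(v >= x[d] for v in col) / n  # right-tail ECDF
            left, right = left - math.log(fl), right - math.log(fr)
            corrected -= math.log(fl if skew[d] < 0 else fr)
        scores.append(max(left, right, corrected))
    return scores

def rank_users(log):
    vec = feature_vectors(log)
    users = sorted(vec)
    return sorted(zip(users, copod_scores([vec[u] for u in users])), key=lambda p: -p[1])

print(rank_users(LOG))  # highest-scored (most anomalous) users first
```

Note that COPOD penalises both tails, so the two users with the lowest count in every feature (u01, u03) score above u02 and u04, though well below u05.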


Published

2023-12-30

Section

Research Articles

How to Cite

Tushar Yadav, Akash Manoj, Tanishq Ghanshani, Wajahat Hussain, Dr. Kapil Vhatkar, "Insider Threat Detection Using Unsupervised Learning", International Journal of Scientific Research in Science, Engineering and Technology (IJSRSET), Print ISSN: 2395-1990, Online ISSN: 2394-4099, Volume 10, Issue 6, pp. 361-367, November-December 2023. Available at doi: https://doi.org/10.32628/IJSRSET2310647