Skip to Main content Skip to Navigation
Conference papers

An Insider Threat Detection Method Based on User Behavior Analysis

Abstract : Insider threat has always been an important hidden danger of information system security, and the detection of insider threat is the main concern of information system organizers. Before the anomaly detection, the process of feature extraction often causes a part of information loss, and the detection of insider threats in a single time point often causes false positives. Therefore, this paper proposes a user behavior analysis model, by aggregating user behavior in a period of time, comprehensively characterizing user attributes, and then detecting internal attacks. Firstly, the user behavior characteristics are extracted from the multi-domain features extracted from the audit log, and then the XGBoost algorithm is used to train. The experimental results on a user behavior dataset show that the XGBoost algorithm can be used to identify the insider threats. The value of F-measure is up to 99.96% which is better than SVM and random forest algorithm.
Document type :
Conference papers
Complete list of metadatas

Cited literature [14 references]  Display  Hide  Download

https://hal.inria.fr/hal-02197790
Contributor : Hal Ifip <>
Submitted on : Tuesday, July 30, 2019 - 5:01:43 PM
Last modification on : Tuesday, July 30, 2019 - 5:12:19 PM

File

 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2021-01-01

Please log in to resquest access to the document

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Wei Jiang, Yuan Tian, Weixin Liu, Wenmao Liu. An Insider Threat Detection Method Based on User Behavior Analysis. 10th International Conference on Intelligent Information Processing (IIP), Oct 2018, Nanning, China. pp.421-429, ⟨10.1007/978-3-030-00828-4_43⟩. ⟨hal-02197790⟩

Share

Metrics

Record views

62