An Insider Threat Detection Method Based on User Behavior Analysis - Archive ouverte HAL Access content directly
Conference Papers Year : 2018

An Insider Threat Detection Method Based on User Behavior Analysis

(1) , (1) , (2) , (2)
1
2
Wei Jiang
  • Function : Author
  • PersonId : 1051575
Yuan Tian
  • Function : Author
  • PersonId : 1051576
Weixin Liu
  • Function : Author
  • PersonId : 1051577

Abstract

Insider threat has always been an important hidden danger of information system security, and the detection of insider threat is the main concern of information system organizers. Before the anomaly detection, the process of feature extraction often causes a part of information loss, and the detection of insider threats in a single time point often causes false positives. Therefore, this paper proposes a user behavior analysis model, by aggregating user behavior in a period of time, comprehensively characterizing user attributes, and then detecting internal attacks. Firstly, the user behavior characteristics are extracted from the multi-domain features extracted from the audit log, and then the XGBoost algorithm is used to train. The experimental results on a user behavior dataset show that the XGBoost algorithm can be used to identify the insider threats. The value of F-measure is up to 99.96% which is better than SVM and random forest algorithm.
Fichier principal
Vignette du fichier
473854_1_En_43_Chapter.pdf (461.45 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-02197790 , version 1 (30-07-2019)

Licence

Attribution - CC BY 4.0

Identifiers

Cite

Wei Jiang, Yuan Tian, Weixin Liu, Wenmao Liu. An Insider Threat Detection Method Based on User Behavior Analysis. 10th International Conference on Intelligent Information Processing (IIP), Oct 2018, Nanning, China. pp.421-429, ⟨10.1007/978-3-030-00828-4_43⟩. ⟨hal-02197790⟩
161 View
145 Download

Altmetric

Share

Gmail Facebook Twitter LinkedIn More