Skip to Main content Skip to Navigation
Conference papers

An Insider Threat Detection Method Based on User Behavior Analysis

Abstract : Insider threat has always been an important hidden danger of information system security, and the detection of insider threat is the main concern of information system organizers. Before the anomaly detection, the process of feature extraction often causes a part of information loss, and the detection of insider threats in a single time point often causes false positives. Therefore, this paper proposes a user behavior analysis model, by aggregating user behavior in a period of time, comprehensively characterizing user attributes, and then detecting internal attacks. Firstly, the user behavior characteristics are extracted from the multi-domain features extracted from the audit log, and then the XGBoost algorithm is used to train. The experimental results on a user behavior dataset show that the XGBoost algorithm can be used to identify the insider threats. The value of F-measure is up to 99.96% which is better than SVM and random forest algorithm.
Document type :
Conference papers
Complete list of metadata

Cited literature [14 references]  Display  Hide  Download
Contributor : Hal Ifip <>
Submitted on : Tuesday, July 30, 2019 - 5:01:43 PM
Last modification on : Tuesday, July 30, 2019 - 5:12:19 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Wei Jiang, Yuan Tian, Weixin Liu, Wenmao Liu. An Insider Threat Detection Method Based on User Behavior Analysis. 10th International Conference on Intelligent Information Processing (IIP), Oct 2018, Nanning, China. pp.421-429, ⟨10.1007/978-3-030-00828-4_43⟩. ⟨hal-02197790⟩



Record views


Files downloads