Advanced insider threat detection model to apply periodic work atmosphere

Junhyoung Oh, Tae Ho Kim, Kyung Ho Lee

    Research output: Contribution to journal › Article › peer-review

    7 Citations (Scopus)

    Abstract

    We developed an insider threat detection model for organizations that repeat tasks at regular intervals. The model identifies the best combination of feature selection algorithms, unsupervised learning algorithms, and standard scores. We derive a model specifically optimized for the organization by evaluating each combination in terms of accuracy, AUC (Area Under the Curve), and TPR (True Positive Rate). To validate this model, a four-year log was applied to the system handling sensitive information from public institutions. In the research target system, the user log was analyzed monthly, based on the fact that the business process runs on a one-year cycle and that roles are determined for each person in charge. To classify the behavior of a user as abnormal, the standard scores of each organization were calculated, and behavior was classified as abnormal when the scores exceeded certain thresholds. Using this method, we proposed an optimized model for the organization and verified it.

    Original language: English
    Pages (from-to): 1722-1737
    Number of pages: 16
    Journal: KSII Transactions on Internet and Information Systems
    Volume: 13
    Issue number: 3
    Publication status: Published - 2019 Mar 31

    Bibliographical note

    Publisher Copyright:
    © 2019 KSII.

    Keywords

    • Insider threat detection
    • Machine learning
    • Privacy behavior
    • Security
    • Unsupervised learning

    ASJC Scopus subject areas

    • Information Systems
    • Computer Networks and Communications
