Abstract
We developed an insider threat detection model to be used by organizations that repeat tasks at regular intervals. The model identifies the best combination of different feature selection algorithms, unsupervised learning algorithms, and standard scores. We derive a model specifically optimized for the organization by evaluating each combination in terms of accuracy, AUC (Area Under the Curve), and TPR (True Positive Rate). In order to validate this model, a four-year log was applied to the system handling sensitive information from public institutions. In the research target system, the user log was analyzed monthly based on the fact that the business process is processed at a cycle of one year, and the roles are determined for each person in charge. In order to classify the behavior of a user as abnormal, the standard scores of each organization were calculated and classified as abnormal when they exceeded certain thresholds. Using this method, we proposed an optimized model for the organization and verified it.
| Original language | English |
|---|---|
| Pages (from-to) | 1722-1737 |
| Number of pages | 16 |
| Journal | KSII Transactions on Internet and Information Systems |
| Volume | 13 |
| Issue number | 3 |
| DOIs | |
| Publication status | Published - 2019 Mar 31 |
Bibliographical note
Publisher Copyright:© 2019 KSII.
Keywords
- Insider threat detection
- Machine learning
- Privacy behavior
- Security
- Unsupervised learning
ASJC Scopus subject areas
- Information Systems
- Computer Networks and Communications