TY - JOUR
T1 - Advanced insider threat detection model to apply periodic work atmosphere
AU - Oh, Junhyoung
AU - Kim, Tae Ho
AU - Lee, Kyung Ho
N1 - Funding Information:
A preliminary version of this paper was presented at APIC-IST 2018, and was selected by the conference review process. This research was supported by the MSIT (Ministry of Science, ICT), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2018-2015-0-00403) supervised by the IITP (Institute for Information & communications Technology Promotion). Kyung Ho Lee is the corresponding author of this paper.
Publisher Copyright:
© 2019 KSII.
PY - 2019/3/31
Y1 - 2019/3/31
N2 - We developed an insider threat detection model to be used by organizations that repeat tasks at regular intervals. The model identifies the best combination of different feature selection algorithms, unsupervised learning algorithms, and standard scores. We derive a model specifically optimized for the organization by evaluating each combination in terms of accuracy, AUC (Area Under the Curve), and TPR (True Positive Rate). In order to validate this model, a four-year log was applied to the system handling sensitive information from public institutions. In the research target system, the user log was analyzed monthly based on the fact that the business process is processed at a cycle of one year, and the roles are determined for each person in charge. In order to classify the behavior of a user as abnormal, the standard scores of each organization were calculated and classified as abnormal when they exceeded certain thresholds. Using this method, we proposed an optimized model for the organization and verified it.
AB - We developed an insider threat detection model to be used by organizations that repeat tasks at regular intervals. The model identifies the best combination of different feature selection algorithms, unsupervised learning algorithms, and standard scores. We derive a model specifically optimized for the organization by evaluating each combination in terms of accuracy, AUC (Area Under the Curve), and TPR (True Positive Rate). In order to validate this model, a four-year log was applied to the system handling sensitive information from public institutions. In the research target system, the user log was analyzed monthly based on the fact that the business process is processed at a cycle of one year, and the roles are determined for each person in charge. In order to classify the behavior of a user as abnormal, the standard scores of each organization were calculated and classified as abnormal when they exceeded certain thresholds. Using this method, we proposed an optimized model for the organization and verified it.
KW - Insider threat detection
KW - Machine learning
KW - Privacy behavior
KW - Security
KW - Unsupervised learning
UR - http://www.scopus.com/inward/record.url?scp=85065568630&partnerID=8YFLogxK
U2 - 10.3837/tiis.2019.03.035
DO - 10.3837/tiis.2019.03.035
M3 - Article
AN - SCOPUS:85065568630
SN - 1976-7277
VL - 13
SP - 1722
EP - 1737
JO - KSII Transactions on Internet and Information Systems
JF - KSII Transactions on Internet and Information Systems
IS - 3
ER -