Insider threat detection of adaptive optimization DBN for behavior logs

For the problems of insider threats such as great harm due to damage and resultant loss, difficulty inextracting abnormal behavior features of insiders because of transparency and concealment, and low detection rate, aninsider threat detection model using adaptive optimization DBN for behavior logs is put forward. The model carries outdeep learning based on the integrated and normalized behavior logs to fully learn normal and abnormal behavior featuresof insiders to form optimal representations of the behavior features of insiders. The experimental results show that themultiple-hidden-layer deep learning model can fully learn the behavior features of insiders, improving the detection rateof insider threat. Particularly, the adaptive optimization method of the golden section is better than that using thedichotomy method, which can increase the threat detection rate of the DBN model to 97.872%, with more significantadvantages.

PDF

___

[1] Coden A, Lin WS, Houck K, Tanenblatt M, Boston J, MacNaught JE, Soroker D, Weisz JD, Pan S, Lai JH et al. Uncovering insider threats from the digital footprints of individuals. IBM J Res Dev 2016; 60: 1-11.
[2] Greitzer FL, Moore AP, Cappelli DM, Andrews DH, Carroll LA, Hull TD. Combating the insider cyber threat. IEEE Secur Priv 2008; 6: 61-64.
[3] Azaria A, Richardson A, Kraus S, Subrahmanian VS. Behavioral analysis of insider threat: A survey and bootstrapped prediction in imbalanced data. IEEE T Comput Soc Syst 2015; 1: 135-155.
[4] Cybenko G. Deep learning of behaviors for security. In: ACM International Workshop on International Workshop on Security and Privacy Analytics; 2–4 March 2015. New York, NY, USA: ACM. pp. 1-1.
[5] Jaccard N, Rogers TW, Morton EJ, Griffin LD. Automated detection of smuggled high-risk security threats using deep learning. In: 7th International Conference on Imaging for Crime Detection and Prevention; 23–25 November 2016; Madrid, Spain. pp. 4-4.
[6] Ho SM, Warkentin M. Leader’s dilemma game: an experimental design for cyber insider threat research. Inform Syst Front 2017; 19: 377-396.
[7] Stakhov AP. The generalized principle of the golden section and its applications in mathematics, science, and engineering. Chaos Soliton Fract 2005; 26: 1157-1182.
[8] Hinton GE, Salakhutdinov RR. Reducing the dimensionality of data with neural networks. Science 2006; 313: 504.
[9] Zeiler MD, Fergus R. Visualizing and understanding convolutional networks. In: European Conference on Computer Vision; 6–12 September 2014; Zurich, Switzerland. pp. 818-833.
[10] Hinton GE, Osindero S, Teh YW. A fast learning algorithm for deep belief nets. Neural Comput 2006; 18: 1527-1554.
[11] Bengio Y. Learning Deep Architectures for AI. Foundations and Trends in Machine Learning. Delft, the Netherlands: Now Publishers, 2009.
[12] Cao LL, Huang WB, Sun FC. Building feature space of extreme learning machine with sparse denoising stackedautoencoder. Neurocomputing 2016; 174: 60-71.
[13] Hinton GE. A practical guide to training restricted Boltzmann machines. In: Montavon G, editor. Neural Networks: Tricks of the Trade 2012. 2nd ed. Berlin, Germany: Springer. pp. 599-619.
[14] Salakhutdinov R, Hiton G. An efficient learning procedure for deep boltzman machines. Neural Comput 2012; 24: 1967-2006.
[15] Hiton GE. Training products of experts by minimizing contrastive divergence. Neural Comput 2002; 14: 1771-1800.