http://dx.doi.org/10.13089/JKIISC.2017.27.4.763

Detecting Insider Threat Based on Machine Learning: Anomaly Detection Using RNN Autoencoder  

Ha, Dong-wook (Department of Security and Management Engineering, Myongji Univ.)
Kang, Ki-tae (Department of Security and Management Engineering, Myongji Univ.)
Ryu, Yeonseung (Department of Security and Management Engineering, Myongji Univ.)
Abstract
In recent years, leaks of personal information and of technology have occurred frequently. According to the survey, the most important factor in these leaks is the 'insider' within the organization, and technology leakage by insiders is considered an increasingly important issue because it causes huge damage to the organization. In this paper, we use machine learning to learn the normal behavior of employees in order to prevent insider threats, and we investigate how to detect abnormal behavior. We implemented an autoencoder composed of a recurrent neural network (RNN), a neural network model suited to learning time-series data, conducted experiments on detecting abnormal behavior, and verified the validity of this method.
Keywords
Insider threat; Machine learning; Neural network; Anomaly detect; Information security;
Times cited by KSCI: 2