An Artificial Neural Network Autoencoder for Insider Cyber Security Threat Detection

Karthikeyan Saminathan, Sai Tharun Reddy Mulka, Sangeetha Damodharan, Rajagopal Maheswar and Josip Lorincz ()
Additional contact information
Karthikeyan Saminathan: Computer Science and Engineering (AIML), KPR Institute of Engineering and Technology, Coimbatore 641407, Tamil Nadu, India
Sai Tharun Reddy Mulka: Computer Science and Engineering, VIT-AP University, Amaravati 522241, Andhra Pradesh, India
Sangeetha Damodharan: Information Technology, Madras Institute of Technology, Anna University, Chennai 600044, Tamil Nadu, India
Rajagopal Maheswar: Department of ECE, Centre for IoT and AI (CITI), KPR Institute of Engineering and Technology, Coimbatore 641407, Tamil Nadu, India
Josip Lorincz: Faculty of Electrical Engineering, Mechanical Engineering and Naval Architecture (FESB), University of Split, Rudjera Boskovca 32, 21000 Split, Croatia

Future Internet, 2023, vol. 15, issue 12, 1-29

Abstract: The COVID-19 pandemic made all organizations and enterprises work on cloud platforms from home, which greatly facilitates cyberattacks. Employees who work remotely and use cloud-based platforms are chosen as targets for cyberattacks. For that reason, cyber security is a more concerning issue and is now incorporated into almost every smart gadget and has become a prerequisite in every software product and service. There are various mitigations for external cyber security attacks, but hardly any for insider security threats, as they are difficult to detect and mitigate. Thus, insider cyber security threat detection has become a serious concern in recent years. Hence, this paper proposes an unsupervised deep learning approach that employs an artificial neural network (ANN)-based autoencoder to detect anomalies in an insider cyber security attack scenario. The proposed approach analyzes the behavior of the patterns of users and machines for anomalies and sends an alert based on a set security threshold. The threshold value set for security detection is calculated based on reconstruction errors that are obtained through testing the normal data. When the proposed model reconstructs the user behavior without generating sufficient reconstruction errors, i.e., no more than the threshold, the user is flagged as normal; otherwise, it is flagged as a security intruder. The proposed approach performed well, with an accuracy of 94.3% for security threat detection, a false positive rate of 11.1%, and a precision of 89.1%. From the obtained experimental results, it was found that the proposed method for insider security threat detection outperforms the existing methods in terms of performance reliability, due to implementation of ANN-based autoencoder which uses a larger number of features in the process of security threat detection.

Keywords: insider; threat; detection; autoencoder; artificial neural network; cyber security (search for similar items in EconPapers)
JEL-codes: O3 (search for similar items in EconPapers)
Date: 2023
References: View complete reference list from CitEc
Citations:

Downloads: (external link)
https://www.mdpi.com/1999-5903/15/12/373/pdf (application/pdf)
https://www.mdpi.com/1999-5903/15/12/373/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:15:y:2023:i:12:p:373-:d:1286046

Access Statistics for this article

Future Internet is currently edited by Ms. Grace You

More articles in Future Internet from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().