
Exploring anomalous behaviour detection and classification for insider threat identification

Duc C. Le and Nur Zincir‐Heywood

International Journal of Network Management, 2021, vol. 31, issue 4

Abstract: Recently, malicious insider threats represent one of the most damaging threats to companies and government agencies. Insider threat detection is a highly skewed data analysis problem, where the huge class imbalance makes the adaptation of learning algorithms to the real‐world context very difficult. This study proposes a new system for user‐centred machine learning‐based anomaly behaviour and insider threat detection on multiple data granularity levels. System evaluations and analysis are performed not only on individual data instances but also on normal and malicious users. Our results show that the proposed system, which is a combination of unsupervised anomaly detection and supervised machine learning methods, can learn from unlabelled data and a very small amount of labelled data. Furthermore, it can generalize to bigger datasets for detecting anomalous behaviours and unseen malicious insiders with a high detection and a low false‐positive rate.

Date: 2021

Downloads: (external link)
https://doi.org/10.1002/nem.2109


Persistent link: https://EconPapers.repec.org/RePEc:wly:intnem:v:31:y:2021:i:4:n:e2109


More articles in International Journal of Network Management from John Wiley & Sons

 
Page updated 2025-03-22
Handle: RePEc:wly:intnem:v:31:y:2021:i:4:n:e2109