Abstract
Internal user threat detection is an important research problem in the field of system security. Recently, the analysis of abnormal behaviors of users is divided into supervised learning method (SID) and unsupervised learning method (AD). However, supervised learning method relies on domain knowledge and user background, which means it cannot detect previously unknown attacks and is not suitable for multi-detection domain scenarios. Most existing AD methods use the clustering algorithm directly. But for threat detection on internal users’ behavior, mostly for high-dimensional cross-domain log files, as far as we know, there are few methods of multi-domain audit log data with effective feature extraction. An effective feature extraction method which can not only reduce testing cost greatly, but also detect the abnormal behavior of users more accurately. We propose a new unsupervised log abnormal behavior detection method which is based on the denoising autoencoders to encode the user log file, and adopts the integrated method to detect the abnormal data after encoding. Compared with the traditional detection method, it can analyze the abnormal information in the user behavior more effectively, thus playing a preventive role against internal threats. In addition, the method is completely data driven and does not rely on relevant domain knowledge and user’s background attributes. Experimental results verify the effectiveness of the integrated anomaly detection method under the multi-domain detection scenario of user log files.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Mayhew, M., Atighetchi, M., Adler, A., et al.: Use of machine learning in big data analytics for insider threat detection. In: Military Communications Conference. IEEE (2015)
Gheyas, I.A., Abdallah, A.E.: Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis. Big Data Anal. 1(1), 6 (2016)
Evolving insider threat detection stream mining perspective. Int. J. Artif. Intell. Tools 22(05), 1360013 (2013)
Chen, C.-M., Huang, Y., Wang, E.K., Wu, T.-Y.: Improvement of a mutual authentication protocol with anonymity for roaming service in wireless communications. Data Sci. Pattern Recogn. 2(1), 15–24 (2018)
Chen, C.-M., Xu, L., Wu, T.-Y., Li, C.-R.: On the security of a chaotic maps-based three-party authenticated key agreement protocol. J. Netw. Intell. 1(2), 61–66 (2016)
Chen, Y., Nyemba, S., Malin, B.: Detecting anomalous insiders in collaborative information systems. IEEE Trans. Dependable Secure Comput. 9(3), 332–344 (2012)
Young, W.T., Goldberg, H.G., Memory, A., et al.: Use of domain knowledge to detect insider threats in computer activities (2013)
Rousseeuw, P.J., Driessen, K.V.: A fast algorithm for the minimum covariance determinant estimator. Technometrics 41(3), 212–223 (1999)
Liu, F.T., Kai, M.T., Zhou, Z.H.: Isolation forest. In: Eighth IEEE International Conference on Data Mining (2009)
Manevitz, L.M., Yousef, M.: One-class SVMs for document classification. J. Mach. Learn. Res. 2(1), 139–154 (2002)
Lee, J., Kang, B., Kang, S.H.: Integrating independent component analysis and local outlier factor for plant-wide process monitoring. J. Process Control 21(7), 1011–1021 (2011)
Li, D., Chen, D., Goh, J., et al.: Anomaly detection with generative adversarial networks for multivariate time series (2018)
Dilokthanakul, N., Mediano, P.A.M., Garnelo, M., et al.: Deep unsupervised clustering with Gaussian mixture variational autoencoders (2016)
Glasser, J., Lindauer, B.: Bridging the gap: a pragmatic approach to generating insider threat data. In: 2013 IEEE Security and Privacy Workshops (SPW). IEEE (2013)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Zhang, Z., Wang, S., Lu, G. (2020). An Internal Threat Detection Model Based on Denoising Autoencoders. In: Pan, JS., Li, J., Tsai, PW., Jain, L. (eds) Advances in Intelligent Information Hiding and Multimedia Signal Processing. Smart Innovation, Systems and Technologies, vol 157. Springer, Singapore. https://doi.org/10.1007/978-981-13-9710-3_41
Download citation
DOI: https://doi.org/10.1007/978-981-13-9710-3_41
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-9709-7
Online ISBN: 978-981-13-9710-3
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)