P. Parveen, Nathan McDaniel, Varun S. Hariharan, B. Thuraisingham, L. Khan
Title: Unsupervised Ensemble Based Learning for Insider Threat Detection
Published in: 2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Conference on Social Computing
Publication date: 2012-09-03
DOI: 10.1109/SocialCom-PASSAT.2012.106 (https://doi.org/10.1109/SocialCom-PASSAT.2012.106)
Citations: 18
Abstract
Insider threats are veritable needles within the haystack. Their occurrence is rare, and when they do occur, they are usually masked well within normal operation. The detection of these threats requires identifying these rare anomalous needles in a contextualized setting where behaviors are constantly evolving over time. To this refined search, this paper proposes and tests an unsupervised, ensemble-based learning algorithm that maintains a compressed dictionary of repetitive sequences found throughout dynamic data streams of unbounded length to identify anomalies. In unsupervised learning, compression-based techniques are used to model common behavior sequences. This results in a classifier exhibiting a substantial increase in classification accuracy for data streams containing insider threat anomalies. This ensemble of classifiers allows the unsupervised approach to outperform traditional static learning approaches and boosts the effectiveness over supervised learning approaches.