{"title":"Dealing with extremly Unbalanced Data and Detecting Insider Threats with Deep Neural Networks","authors":"Samiha Besnaci, Mohamed Hafidi, Mahnane Lamia","doi":"10.1109/ICAECCS56710.2023.10105103","DOIUrl":null,"url":null,"abstract":"The internal and external security of a company is important. External security can be ensured by setting up mechanisms to monitor any external flow, while internal security is the most complex: how do we monitor internal workers who have full privileges to access the resources and data of the organization? All necessary measures must be in place to avoid internal damage, which has increased considerably in recent years. Since the number of harmful behaviors is very low compared to normal events, the class imbalance prevents supervised learning algorithms from providing accurate results, as their learning depends on balanced categories. Therefore, it is necessary to use a model capable of clearly distinguishing the harmful category. In previous work, ML techniques were used, although they are less effective if the data used are not balanced. In this paper, we propose an S-LSTM model that integrates a sampling approach, the generation of synthetic samples with the SMOTE technique to balance the two learning classes, with the LSTM algorithm to identify abnormal behavior. To build and evaluate the model, we used the CERT v4.2 dataset, and through the experimental evaluation, which gave a high prediction accuracy of 99%, we show that the proposed model provides a better solution to detect the insider threat.","PeriodicalId":447668,"journal":{"name":"2023 International Conference on Advances in Electronics, Control and Communication Systems (ICAECCS)","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-03-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 International Conference on Advances in Electronics, Control and Communication Systems (ICAECCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICAECCS56710.2023.10105103","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
The internal and external security of a company is important. External security can be ensured by setting up mechanisms to monitor any external flow, while internal security is the most complex: how do we monitor internal workers who have full privileges to access the resources and data of the organization? All necessary measures must be in place to avoid internal damage, which has increased considerably in recent years. Since the number of harmful behaviors is very low compared to normal events, the class imbalance prevents supervised learning algorithms from providing accurate results, as their learning depends on balanced categories. Therefore, it is necessary to use a model capable of clearly distinguishing the harmful category. In previous work, ML techniques were used, although they are less effective if the data used are not balanced. In this paper, we propose an S-LSTM model that integrates a sampling approach, the generation of synthetic samples with the SMOTE technique to balance the two learning classes, with the LSTM algorithm to identify abnormal behavior. To build and evaluate the model, we used the CERT v4.2 dataset, and through the experimental evaluation, which gave a high prediction accuracy of 99%, we show that the proposed model provides a better solution to detect the insider threat.