A Machine Learning Framework & Development for Insider Cyber-crime Threats Detection

Abstract

Many organizations face a significant challenge with insider threats. As conventional security measures like intrusion detection systems and firewalls aren't always effective in detecting and preventing such threats. Insider threats often come from trusted individuals who possess knowledge of and access to important organizational assets. This work explores the use of machine learning to classify insider threat behaviors, specifically focusing on three approaches such that supervised, unsupervised, and reinforcement learning. The paper describes the development of an unsupervised machine learning system that analyzes data from multiple technical sources to detect malicious insider activity. The system, which is designed to be simple and easy to assemble, was tested with existing machine learning algorithms and showed moderate success in detecting malicious insider activity during the training phase and negligible success during the testing phase.These results suggest that while machine learning can be a useful tool for detecting insider threats, it should not be solely relied upon for threat detection. To improve the current system's performance, it is necessary to include additional features, such as file names, email subjects and headers, and website types. Furthermore, physical security, cybersecurity, psychological, and organizational factors must be considered when addressing insider threats. Future research should focus on acquiring real datasets, collecting insider threat scenarios and use cases, and testing different machine learning approaches from both technical and non-technical sources.