CAS - Attention based ISO/IEC 15408–2 Compliant Continuous Audit System for Insider Threat Detection
Syed Khurram Jah Rizvi, Khawaja Faisal Javed, Muhammad Moazam
2023 3rd International Conference on Artificial Intelligence (ICAI), published 2023-02-22. DOI: 10.1109/ICAI58407.2023.10136657 (https://doi.org/10.1109/ICAI58407.2023.10136657)
Citations: 0
Abstract
Enterprises face information security threats to their intranet-based infrastructure and allied systems from external actors as well as insiders. Much research has addressed identifying malicious insiders and preventing their actions, but several challenges remain: real labeled data is scarce, organizations differ widely in nature, and insiders keep producing previously unseen (zero-day) attempts. New approaches are therefore required to combat Information Security (IS) non-compliant behavior and emerging insider threats. To this end, we propose a novel information security auditing-based system for insider threat detection, CAS. Unlike traditional periodic audits, the approach is built on a continuous auditing system, and it fulfills the security audit requirements of ISO/IEC 15408-2. On top of the generated activity logs, the system uses a deep attention neural network to classify users as trusted or untrusted. We evaluated CAS on the de facto dataset for insider threat detection, CERT r6.2. The evaluation shows that the proposed model learns from real-world data to detect IS non-compliant actions and classify untrusted insiders. The proposed model achieved an accuracy of more than 97% and outperformed traditional machine learning approaches.
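The abstract describes two stages without showing either: generating audit records from user activity in a form that satisfies ISO/IEC 15408-2, and turning those records into per-user signals a classifier can consume. The following Python is an added illustration of that pipeline, not the paper's CAS implementation. It assumes log lines in the column layout of the CERT r6.2 logon and device files (id, date, user, pc, activity); the sample lines are constructed, and the feature set, the business-hours window and the hypothetical flag_noncompliant() policy are this example's choices. The audit record fields follow FAU_GEN.1 of ISO/IEC 15408-2, which requires at least the date and time of the event, the event type, the subject identity and the outcome.

```python
"""Constructed example: CERT-style activity logs -> FAU_GEN.1-shaped audit
records -> per-(user, day) compliance features.

Not the paper's code. Sample lines, feature names and the after-hours
window are assumptions made for illustration.
"""
from collections import defaultdict
from datetime import datetime, time
from typing import Dict, List, Tuple

# Constructed sample logs in the CERT r6.2 column layout (not real data).
LOGON_CSV = """id,date,user,pc,activity
{A1},01/02/2010 08:55:12,ACM2278,PC-1234,Logon
{A2},01/02/2010 17:30:01,ACM2278,PC-1234,Logoff
{A3},01/02/2010 23:41:09,CDE1846,PC-5678,Logon
{A4},01/03/2010 01:12:44,CDE1846,PC-5678,Logoff
{A5},01/02/2010 09:05:00,CDE1846,PC-5678,Logon
"""

DEVICE_CSV = """id,date,user,pc,activity
{D1},01/02/2010 23:50:10,CDE1846,PC-5678,Connect
{D2},01/03/2010 00:58:03,CDE1846,PC-5678,Disconnect
{D3},01/02/2010 10:10:10,ACM2278,PC-1234,Connect
"""

# Assumed business-hours window; anything outside it counts as after hours.
BUSINESS_START = time(7, 0)
BUSINESS_END = time(19, 0)

UserDay = Tuple[str, str]


def parse_csv(text: str, source: str) -> List[dict]:
    """Parse header-led CSV text into audit records.

    FAU_GEN.1 (ISO/IEC 15408-2) requires each record to carry the date and
    time, the event type, the subject identity and the outcome. The CERT
    logs have no explicit outcome, so an observed activity is recorded as
    "success"; the source name is kept in the event type for traceability.
    """
    lines = [ln for ln in text.strip().splitlines() if ln.strip()]
    header = lines[0].split(",")
    records = []
    for ln in lines[1:]:
        row = dict(zip(header, ln.split(",")))
        ts = datetime.strptime(row["date"], "%m/%d/%Y %H:%M:%S")
        records.append({
            "time": ts,
            "event": f"{source}.{row['activity']}",  # e.g. logon.Logon
            "subject": row["user"],
            "host": row["pc"],
            "outcome": "success",
            "audit_id": row["id"],
        })
    return records


def after_hours(ts: datetime) -> bool:
    """True when the event falls outside the assumed business-hours window."""
    return not (BUSINESS_START <= ts.time() < BUSINESS_END)


def user_day_features(records: List[dict]) -> Dict[UserDay, Dict[str, int]]:
    """Aggregate audit records into per-(user, day) counts.

    These counts are the kind of input a downstream classifier would see;
    the feature names are this example's, not the paper's.
    """
    feats: Dict[UserDay, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for r in sorted(records, key=lambda r: r["time"]):
        key = (r["subject"], r["time"].date().isoformat())
        f = feats[key]
        f["events"] += 1
        if r["event"] == "logon.Logon":
            f["logons"] += 1
            if after_hours(r["time"]):
                f["after_hours_logons"] += 1
        elif r["event"] == "device.Connect":
            f["device_connects"] += 1
            if after_hours(r["time"]):
                f["after_hours_device_connects"] += 1
    return feats


def flag_noncompliant(feats: Dict[UserDay, Dict[str, int]]) -> List[UserDay]:
    """Hypothetical policy: any after-hours logon or removable-media connect
    on a given day marks that (user, day) as IS non-compliant."""
    return sorted(
        key for key, f in feats.items()
        if f.get("after_hours_logons", 0) or f.get("after_hours_device_connects", 0)
    )


if __name__ == "__main__":
    recs = parse_csv(LOGON_CSV, "logon") + parse_csv(DEVICE_CSV, "device")
    for key in flag_noncompliant(user_day_features(recs)):
        print("non-compliant:", key)
```

The rule-based flag stands in for the paper's attention classifier only to show what the features look like; in practice the per-(user, day) vectors would be the training input, with labels from the CERT answer key.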