User behaviour based insider threat detection model using an LSTM integrated RF model.
S K Uma Maheswaran, L Rajasekar, Ziaul Haque Choudhury, Makarand Shahade
Network: Computation in Neural Systems, pp. 1-38. Publication date: 2025-04-03. Publication type: Journal Article.
DOI: 10.1080/0954898X.2025.2483342 (https://doi.org/10.1080/0954898X.2025.2483342)
Citations: 0
Abstract
Insider threat is one of the most serious and frequent security risks facing various industries like governmental organizations, businesses, and institutions. Insider threat identification has a special combination of difficulties, including vastly unbalanced data, insufficient ground truth, and drifting and shifting behaviour. A user behaviour-based insider threat detection model utilizing a hybrid deep long short-term memory-random forest (LSTM-RF) model is developed to address these challenges. In the proposed insider threat detection model, the user log data is preprocessed to replace missing values and to normalize the data to a certain range. The preprocessed data is then passed to the attribute selection process, which selects the essential attributes using Spearman's rank correlation coefficient. The selected features are then fed to the deep hybrid LSTM-RF classifier to detect whether or not a system is affected by an insider threat such as malware, authentication, or phishing. The hybrid LSTM-RF method is implemented in Python and achieved 96% accuracy, 90% precision, 90% specificity, 97% sensitivity, and 94% F1-score. An attack inside the system can thus be easily detected while it is underway.
About the journal:
Network: Computation in Neural Systems welcomes submissions of research papers that integrate theoretical neuroscience with experimental data, emphasizing the utilization of cutting-edge technologies. We invite authors and researchers to contribute their work in the following areas:
Theoretical Neuroscience: This section encompasses neural network modeling approaches that elucidate brain function.
Neural Networks in Data Analysis and Pattern Recognition: We encourage submissions exploring the use of neural networks for data analysis and pattern recognition, including but not limited to image analysis and speech processing applications.
Neural Networks in Control Systems: This category encompasses the utilization of neural networks in control systems, including robotics, state estimation, fault detection, and diagnosis.
Analysis of Neurophysiological Data: We invite submissions focusing on the analysis of neurophysiology data obtained from experimental studies involving animals.
Analysis of Experimental Data on the Human Brain: This section includes papers analyzing experimental data from studies on the human brain, utilizing imaging techniques such as MRI, fMRI, EEG, and PET.
Neurobiological Foundations of Consciousness: We encourage submissions exploring the neural bases of consciousness in the brain and its simulation in machines.