Dynamic Insider Threat Detection Based on Adaptable Genetic Programming

Abstract

Different variations in deployment environments of machine learning techniques may affect the performance of the implemented systems. The variations may cause changes in the data for machine learning solutions, such as in the number of classes and the extracted features. This paper investigates the capabilities of Genetic Programming (GP) for malicious insider detection in corporate environments under such changes. Assuming a Linear GP detector, techniques are introduced to allow a previously trained GP population to adapt to different changes in the data. The experiments and evaluation results show promising insider threat detection performances of the techniques in comparison with training machine learning classifiers from scratch. This reduces the amount of data needed and computation requirements for obtaining dependable insider threat detectors under new conditions.