Detecting the Insider Threat with Long Short Term Memory (LSTM) Neural Networks
Eduardo Lopez, Kamran Sartipi

TL;DR
This paper explores using LSTM neural networks to detect insider threats by analyzing large, unstructured electronic logs, demonstrating improved effectiveness in identifying malicious user behaviors.
Contribution
It introduces a novel application of LSTM networks for insider threat detection using large-scale log data, enhancing security analysis capabilities.
Findings
LSTM effectively models sequential log data for threat detection
Deep learning reduces manual analysis effort
Large anonymized dataset validates approach
Abstract
Information systems enable many organizational processes in every industry. The efficiencies and effectiveness in the use of information technologies create an unintended byproduct: misuse by existing users or by somebody impersonating them, the insider threat. Detecting the insider threat may be possible if thorough analysis of electronic logs capturing user behaviors takes place. However, logs are usually very large and unstructured, posing significant challenges for organizations. In this study, we use deep learning, and more specifically Long Short Term Memory (LSTM) recurrent networks, to enable this detection. We demonstrate through a very large, anonymized dataset how LSTM uses the sequenced nature of the data to reduce the search space and make the work of a security analyst more effective.
Taxonomy
Topics: Network Security and Intrusion Detection · Anomaly Detection Techniques and Applications · Information and Cyber Security
Methods: Tanh Activation · Sigmoid Activation · Long Short-Term Memory
