TL;DR
This paper introduces LAC, an unsupervised LSTM autoencoder model that detects insider threats by analyzing employee activity sequences and leveraging community behavior to improve anomaly detection accuracy.
Contribution
We propose a novel LSTM autoencoder variant trained on interleaved community activity sequences to enhance insider threat detection and understand community influence on employee routines.
Findings
Effective detection of anomalous employees is demonstrated on the CERT insider-threat dataset.
Community-based training improves anomaly detection accuracy.
Model captures influence of peer routines on individual behavior.
Abstract
The employees of any organization, institute, or industry spend a significant amount of time on a computer network, where they develop their own routine of activities in the form of network transactions over a time period. Insider threat detection involves identifying deviations from these routines, or anomalies, which may cause harm to the organization in the form of data leaks and secret sharing. If not automated, this process involves feature engineering for modeling human behavior, which is a tedious and time-consuming task. Anomalies in human behavior are forwarded to a human analyst for final threat classification. We developed an unsupervised deep neural network model using an LSTM autoencoder which learns to mimic the behavior of individual employees from their day-wise, time-stamped sequences of activities. It predicts the threat scenario via a significantly higher loss on an anomalous routine.…
Taxonomy
Methods: Tanh Activation · Sigmoid Activation · Long Short-Term Memory
