Anomaly Detection for Scenario-based Insider Activities using CGAN Augmented Data
R G Gayathri, Atul Sajjanhar, Yong Xiang, Xingjun Ma

TL;DR
This paper presents a novel approach combining CGANs with supervised learning to generate synthetic data for multi-class insider threat detection, addressing data imbalance and improving anomaly detection accuracy.
Contribution
It introduces a CGAN-based data augmentation method for multi-class insider threat detection, enhancing detection performance over existing techniques.
Findings
Synthetic data improves detection accuracy
Multi-class classification effectively identifies insider threats
Method outperforms existing approaches on benchmark datasets
Abstract
Insider threats are the cyber attacks from within the trusted entities of an organization. Lack of real-world data and the issue of data imbalance leave insider threat analysis an understudied research area. To mitigate the effect of skewed class distribution and prove the potential of multinomial classification algorithms for insider threat detection, we propose an approach that combines a generative model with supervised learning to perform multi-class classification using deep learning. The generative adversarial network (GAN) based insider detection model introduces a Conditional Generative Adversarial Network (CGAN) to enrich minority class samples to provide data for multi-class anomaly detection. The comprehensive experiments performed on the benchmark dataset demonstrate the effectiveness of introducing GAN derived synthetic data and the capability of multi-class anomaly detection in…
Taxonomy
Topics: Network Security and Intrusion Detection · Information and Cyber Security · Advanced Malware Detection Techniques
