Detection of Insider Threats using Artificial Intelligence and Visualisation
Vasileios Koutsouvelis, Stavros Shiaeles, Bogdan Ghita, Gueltoum Bendiab

TL;DR
This paper proposes a CNN-based approach using visualization and machine learning to detect insider threats in IT systems by classifying user activities as malicious or benign from image data.
Contribution
It introduces a novel application of CNNs trained on visualized user activity data for insider threat detection, combining AI and visualization techniques.
Findings
CNN successfully classified user activities as malicious or benign.
Visualization of user activity images aids in threat identification.
The approach demonstrates potential for automated insider threat detection.
Abstract
Insider threats are one of the most damaging risk factors for the IT systems and infrastructure of a company or an organization; identification of insider threats has prompted the interest of the world academic research community, with several solutions having been proposed to alleviate their potential impact. For the implementation of the experimental stage described in this study, the Convolutional Neural Network (from now on CNN) algorithm was used and implemented via the Google TensorFlow program, which was trained to identify potential threats from images produced by the available dataset. From the examination of the images that were produced and with the help of Machine Learning, the question of whether the activity of each user is classified as malicious or not for the Information System was answered.
