Behavioral Analytics for Continuous Insider Threat Detection in Zero-Trust Architectures
Gaurav Sarraf

TL;DR
This paper presents a machine learning-based behavioral analytics framework using AdaBoost to detect insider threats continuously in zero-trust architectures, demonstrating high accuracy and robustness.
Contribution
It introduces an effective AdaBoost classifier for insider threat detection, outperforming traditional models in zero-trust cybersecurity environments.
Findings
AdaBoost achieved 98.0% accuracy and 0.98 AUC.
The framework effectively detects insider threats with high precision and recall.
Benchmark models showed lower performance compared to AdaBoost.
Abstract
Insider threats are a particularly difficult cybersecurity problem, especially in zero-trust architectures (ZTA), where implicit trust is removed. Although the guiding rule is "never trust, always verify," attackers can still use legitimate credentials and mimic normal user activity. In response, behavioral analytics with machine learning (ML) can monitor user activity continuously and identify anomalies. This introductory framework uses the CERT Insider Threat Dataset, applying data cleaning, normalization, and class balancing with the Synthetic Minority Oversampling Technique (SMOTE). It also employs Principal Component Analysis (PCA) for dimensionality reduction. Several benchmark models, including Support Vector Machine (SVM), Artificial Neural Network (ANN), and Bayesian Network (Bayes Net), were used to develop and evaluate the AdaBoost classifier.…
Taxonomy
Topics: Network Security and Intrusion Detection · Information and Cyber Security · Security and Verification in Computing
