Insider Threat Detection Using Behavioural Analysis through Machine Learning and Deep Learning Techniques

Authors

  • Siva Satya Prasad Pennada, Department of Computer Science Engineering, Centurion University of Technology and Management, Bhubaneswar, Odisha, India. https://orcid.org/0000-0002-4867-3584
  • Sasmita Kumari Nayak, Department of Computer Science Engineering, Centurion University of Technology and Management, Bhubaneswar, Odisha, India. https://orcid.org/0000-0003-4987-0739
  • Vamsi Krishna M, Department of MCA, Aditya University, Surampalem, Andhra Pradesh, 533437, India.

DOI:

https://doi.org/10.54392/irjmt2527

Keywords:

Insider Threat Detection, Behavioral Analysis, Machine Learning, CERT, ANN

Abstract

Insider threats pose a significant security challenge to organizational assets and sensitive information. This paper presents a novel approach to insider threat detection by categorizing features into several behavioral types: Time-related, User-related, Project and Role-related, Activity-related, Logon-related, USB-related, File-related, and Email-related features. Using a comprehensive dataset of 830 features, the paper addresses the challenge of class imbalance with the Synthetic Minority Over-sampling Technique (SMOTE), which balances the classes while preserving the data's patterns. Dividing features into distinct behavioral categories enhances the precision of threat detection by focusing on the specific patterns and anomalies associated with each behavior. The evaluation of machine learning classifiers demonstrates high accuracy across the feature types: Random Forest achieved 76.4% for Time-related, 96.4% for User-related, 85.3% for Project and Role-related, 91.2% for Activity-related, 65.3% for Logon-related, 81.4% for USB-related, 92.5% for File-related, and 99.8% for Email-related features. Artificial Neural Networks (ANN) showed good performance with 72% for Time-related, 85% for User-related, 87.6% for Project and Role-related, 75% for Activity-related, 65.5% for Logon-related, 89.7% for USB-related, 86.5% for File-related, and 90% for Email-related features. This work underscores the effectiveness of feature categorization and the SMOTE technique in enhancing classifier performance and provides valuable insights for improving organizational security against insider threats.
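As an added illustration, not code from the paper or its authors, the following stand-alone Python shows the two steps the abstract combines: projecting records onto one behavioral feature category and then balancing the minority (insider) class with SMOTE-style interpolation. The column names, the category layout and the constructed ten-to-three class ratio are assumptions for the example, not the CERT r5.2 schema.

```python
import math
import random
from collections import Counter

# Assumed column layout for two of the paper's behavioral categories; the
# names are illustrative, not the CERT r5.2 schema.
FEATURE_GROUPS = {
    "logon": ["after_hours_logons", "distinct_pcs"],
    "usb": ["usb_connects", "usb_after_hours"],
}
COLUMNS = [c for cols in FEATURE_GROUPS.values() for c in cols]

# Constructed user-day records: (feature vector, label), label 1 = insider.
# Ten benign rows to three insider rows mimics the imbalance SMOTE is meant to fix.
ROWS = [
    ([0, 1, 0, 0], 0), ([1, 1, 0, 0], 0), ([0, 2, 1, 0], 0), ([0, 1, 0, 0], 0),
    ([1, 2, 0, 0], 0), ([0, 1, 1, 0], 0), ([0, 1, 0, 0], 0), ([2, 1, 0, 0], 0),
    ([0, 2, 0, 0], 0), ([1, 1, 1, 0], 0),
    ([5, 4, 3, 2], 1), ([6, 3, 4, 3], 1), ([4, 5, 2, 2], 1),
]

def select_group(rows, group):
    """Project each record onto one behavioral category's columns."""
    idx = [COLUMNS.index(c) for c in FEATURE_GROUPS[group]]
    return [([x[i] for i in idx], y) for x, y in rows]

def smote(records, minority=1, k=2, seed=0):
    """Oversample the minority class by interpolating between a minority
    point and one of its k nearest minority neighbours until the classes
    are balanced. Returns the original records followed by synthetic ones."""
    rng = random.Random(seed)
    minority_pts = [x for x, y in records if y == minority]
    if len(minority_pts) < 2:
        raise ValueError("SMOTE needs at least two minority samples to interpolate")
    k = min(k, len(minority_pts) - 1)
    target = sum(1 for _, y in records if y != minority)
    synthetic = []
    while len(minority_pts) + len(synthetic) < target:
        base = rng.choice(minority_pts)
        neighbours = sorted((p for p in minority_pts if p is not base),
                            key=lambda p: math.dist(base, p))[:k]
        nb = rng.choice(neighbours)
        gap = rng.random()  # position along the segment base -> neighbour
        synthetic.append(([b + gap * (n - b) for b, n in zip(base, nb)], minority))
    return records + synthetic

def class_counts(records):
    return Counter(y for _, y in records)
```

Every synthetic point lies on a segment between two real insider points, so the oversampled set stays inside the minority class's bounding region rather than introducing patterns the data never had.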


Published

2025-03-21

How to Cite

Pennada SSP, Nayak SK, M VK. Insider Threat Detection Using Behavioural Analysis through Machine Learning and Deep Learning Techniques. Int. Res. J. multidiscip. Technovation [Internet]. 2025 Mar. 21 [cited 2025 Oct. 3];7(2):74-86. Available from: https://asianrepo.org/index.php/irjmt/article/view/124