Title :
Unsupervised Ensemble Based Learning for Insider Threat Detection
Author :
Parveen, Pallabi ; McDaniel, N. ; Hariharan, V.S. ; Thuraisingham, Bhavani ; Khan, Latifur
Author_Institution :
Dept. of Comput. Sci., Univ. of Texas at Dallas, Richardson, TX, USA
Abstract :
Insider threats are veritable needles within the haystack. Their occurrence is rare and when they do occur, are usually masked well within normal operation. The detection of these threats requires identifying these rare anomalous needles in a contextualized setting where behaviors are constantly evolving over time. To this refined search, this paper proposes and tests an unsupervised, ensemble based learning algorithm that maintains a compressed dictionary of repetitive sequences found throughout dynamic data streams of unbounded length to identify anomalies. In unsupervised learning, compression-based techniques are used to model common behavior sequences. This results in a classifier exhibiting a substantial increase in classification accuracy for data streams containing insider threat anomalies. This ensemble of classifiers allows the unsupervised approach to outperform traditional static learning approaches and boosts the effectiveness over supervised learning approaches.
Keywords :
data compression; pattern classification; security of data; unsupervised learning; anomaly identification; behavior sequence; classification accuracy; compressed repetitive sequence dictionary; compression-based technique; dynamic data stream; ensemble based learning algorithm; insider threat detection; unsupervised ensemble based learning; Adaptation models; Data mining; Data models; Dictionaries; Testing; Training; Training data; Insider Threat; Stream mining; ensembles; sequence learning;
Conference_Titel :
Privacy, Security, Risk and Trust (PASSAT), 2012 International Conference on and 2012 International Confernece on Social Computing (SocialCom)
Conference_Location :
Amsterdam
Print_ISBN :
978-1-4673-5638-1
DOI :
10.1109/SocialCom-PASSAT.2012.106
