EFFECTIVE SYSTEMS FOR INSIDER THREAT DETECTION.pdf (13.75 MB)
Effective Systems for Insider Threat Detection
Author Info
AlSlaiman, Muhanned Qasim Jabbar
ORCID® Identifier
http://orcid.org/0000-0003-4364-8766
Permalink:
http://rave.ohiolink.edu/etdc/view?acc_num=wright1691414561805285
Year and Degree
2023, Doctor of Philosophy (PhD), Wright State University, Computer Science and Engineering PhD.
Abstract
Insider threats to information security have become a burden for organizations. Understanding insider activities improves the identification of insider attacks and limits their threat. This dissertation presents three systems to detect insider threats effectively. The aim is to reduce the false negative rate (FNR), provide better dataset use, and reduce dimensionality and zero padding effects. The systems developed utilize deep learning techniques and are evaluated using the CERT 4.2 dataset. The dataset is analyzed and reformed so that each row represents a variable-length sample of user activities. Two data representations are implemented to model the extracted features: Gray encoding (GE) and a kernel density estimator (KDE) with cumulative distribution function (CDF). Additionally, sentiment analysis and unique coding are assigned to each category of user activities so that the detection model can distinguish all activities, the correlation between activities, and the temporal characteristics of the activities. The first detection system is a Long Short-Term Memory (LSTM) network. The first detection system reduced FNR, but the performance degraded as the dataset's size increased. The second detection system combines convolutional neural networks (CNN) and LSTM networks. Processing and modeling of the dataset created two problems that hindered the performance of the previous two detection systems: (1) dimensionality and (2) vanishing short rows due to zero padding. The last detection system aims to reduce the curse of dimensionality and the vanishing of short rows. Two neural models are utilized: an embedding layer and an autoencoder. The embedding layer removes padded zeros and produces dense embedded output. The autoencoder compresses the input data samples to a shorter length and feeds the processed data samples to the detection model. All detection systems presented a high performance in classifying users' activities and detecting insider threats. The first detection system attained an AUC of 0.97, the second detection system attained an AUC of 0.74, and the third detection system attained an AUC of 0.94. Future work will incorporate modeling users' activities, analyzing emails and website content, developing fine detection models, and investigating the development of a balanced insider threat dataset.
Committee
Bin Wang, Ph.D. (Advisor)
Soon M. Chung, Ph.D. (Committee Member)
Meilin Liu, Ph.D. (Committee Member)
Zhiqiang Wu, Ph.D. (Committee Member)
Pages
183 p.
Subject Headings
Artificial Intelligence; Computer Engineering; Computer Science; Engineering; Information Science; Information Technology
Keywords
Insider Threat; Insider Threat Detection; Natural Language Processing; CERT Dataset; CERT r4.2; Kernel Density Estimation; Cumulative Distribution Function; Gray Encoding; Binary Encoding; Tokenizing; Keras Tokenizer; Deep Learning; Artificial intelligence
Recommended Citations
APA Style (7th edition)
AlSlaiman, M. Q. J. (2023). Effective Systems for Insider Threat Detection [Doctoral dissertation, Wright State University]. OhioLINK Electronic Theses and Dissertations Center. http://rave.ohiolink.edu/etdc/view?acc_num=wright1691414561805285
MLA Style (8th edition)
AlSlaiman, Muhanned. Effective Systems for Insider Threat Detection. 2023. Wright State University, Doctoral dissertation. OhioLINK Electronic Theses and Dissertations Center, http://rave.ohiolink.edu/etdc/view?acc_num=wright1691414561805285.
Chicago Manual of Style (17th edition)
AlSlaiman, Muhanned. "Effective Systems for Insider Threat Detection." Doctoral dissertation, Wright State University, 2023. http://rave.ohiolink.edu/etdc/view?acc_num=wright1691414561805285
Document number: wright1691414561805285
Download Count: 616
Copyright Info
© 2023, some rights reserved.
Effective Systems for Insider Threat Detection by Muhanned Qasim Jabbar AlSlaiman is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License. Based on a work at etd.ohiolink.edu.
This open access ETD is published by Wright State University and OhioLINK.