A PREDICTIVE USER BEHAVIOUR ANALYTIC MODEL FOR INSIDER THREATS IN CYBERSPACE

Olarotimi Kabir Amuda
Bodunde Odunola Akinyemi
Mistura Laide Sanni
Ganiyu Adesola Aderounmu

Abstract

Insider threat in cyberspace is a recurring problem because user activity on a network is often unpredictable. Most existing solutions are not flexible or adaptable enough to detect sudden changes in user behaviour in streaming data, which leads to high false alarm rates and low detection rates. In this study, a model that adapts to changing patterns in structured cyberspace data streams in order to detect malicious insider activity was proposed. The Computer Emergency Response Team (CERT) dataset was used as the data source. Features extracted from the dataset were normalized using Min-Max normalization and standard scaling, and mutual information gain was used to select the best features for classification. A hybrid detection model was formulated by combining a Convolutional Neural Network (CNN) with a Gated Recurrent Unit (GRU). The model was simulated in the Python programming language. Performance was evaluated by comparing the proposed model with a selected existing model using accuracy, precision and sensitivity as metrics. The simulation results showed that the developed model improved detection accuracy by 1.48%, precision by 4.21% and sensitivity by 1.25% over the existing model. This indicates that the hybrid approach was able to learn from sequences of user actions in the time and frequency domains and improves the detection rate of insider threats in cyberspace.
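The abstract names three reusable pipeline stages around the classifier: Min-Max normalization of extracted features, mutual information ranking to pick the most informative ones, and evaluation by accuracy, precision and sensitivity. The following is an added example written for this page, not the authors' code: it implements those three stages in plain Python on constructed per-user-day activity counts in the style of features derived from CERT insider-threat logs (the rows, feature names and labels are invented, not real CERT data). The CNN-GRU classifier itself is not reproduced; a single-feature threshold rule stands in for it so that the evaluation step has predictions to score.

```python
import math
from collections import Counter

# Constructed per-user-day activity counts (invented for this example, not
# CERT data): logon events, removable-device connects, file copies and
# after-hours logons. Label 1 marks a day with malicious insider activity.
FEATURE_NAMES = ["logons", "device_connects", "file_copies", "after_hours_logons"]
ROWS = [
    ([8, 0, 2, 0], 0), ([9, 0, 3, 0], 0), ([7, 1, 1, 0], 0), ([8, 0, 2, 1], 0),
    ([10, 3, 4, 0], 0), ([6, 0, 1, 0], 0), ([9, 1, 2, 0], 0), ([7, 0, 2, 0], 0),
    ([8, 4, 25, 3], 1), ([9, 5, 30, 4], 1), ([7, 3, 18, 2], 1), ([8, 6, 40, 5], 1),
]
FEATURES = [r for r, _ in ROWS]
LABELS = [y for _, y in ROWS]


def min_max_normalize(rows):
    """Scale each column to [0, 1] by its own min and max; a constant column maps to 0.0."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    hi = [max(c) for c in cols]
    return [[(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(r, lo, hi)] for r in rows]


def mutual_information(values, labels, bins=2):
    """I(X;Y) in bits, with X discretised into equal-width bins (0.0 if X is constant)."""
    lo, hi = min(values), max(values)
    if hi == lo:
        return 0.0
    width = (hi - lo) / bins
    binned = [min(int((v - lo) / width), bins - 1) for v in values]
    n = len(values)
    joint, px, py = Counter(zip(binned, labels)), Counter(binned), Counter(labels)
    return sum((c / n) * math.log2(c * n / (px[x] * py[y])) for (x, y), c in joint.items())


def rank_features(rows, labels, names, bins=2):
    """Rank features by mutual information with the label, most informative first."""
    scores = [(name, mutual_information([r[j] for r in rows], labels, bins))
              for j, name in enumerate(names)]
    return sorted(scores, key=lambda s: s[1], reverse=True)


def threshold_classifier(norm_rows, feature_index, threshold=0.5):
    """Stand-in for the learned model: flag a row when one normalised feature reaches the threshold."""
    return [1 if r[feature_index] >= threshold else 0 for r in norm_rows]


def evaluate(y_true, y_pred):
    """Accuracy, precision and sensitivity (recall) from the 2x2 confusion matrix."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    tn = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 0)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    return {
        "accuracy": (tp + tn) / len(y_true),
        "precision": tp / (tp + fp) if tp + fp else 0.0,    # guard: nothing flagged
        "sensitivity": tp / (tp + fn) if tp + fn else 0.0,  # guard: no positive labels
        "confusion": {"tp": tp, "tn": tn, "fp": fp, "fn": fn},
    }


def run_pipeline(rows=FEATURES, labels=LABELS, names=FEATURE_NAMES):
    """Normalise, rank features, classify on the top-ranked feature, score the result."""
    normalized = min_max_normalize(rows)
    ranking = rank_features(normalized, labels, names)
    top = names.index(ranking[0][0])
    preds = threshold_classifier(normalized, top)
    return {"ranking": ranking, "top_feature": ranking[0][0], "metrics": evaluate(labels, preds)}


if __name__ == "__main__":
    result = run_pipeline()
    for name, score in result["ranking"]:
        print(f"{name:20s} MI = {score:.3f} bits")
    print(result["metrics"])
```

Because Min-Max scaling is a monotone affine map, equal-width binning gives the same mutual information before and after normalization, so the ranking can be computed on the scaled features that the classifier will actually consume. The single benign row with three device connects is deliberately included: it becomes the one false positive that separates precision (0.8) from sensitivity (1.0), which is the distinction the abstract's metric choice is meant to expose.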

Article Details

How to Cite
Amuda, O. K., Akinyemi, B. O., Sanni, M. L., & Aderounmu, G. A. (2022). A PREDICTIVE USER BEHAVIOUR ANALYTIC MODEL FOR INSIDER THREATS IN CYBERSPACE. International Journal of Communication Networks and Information Security (IJCNIS), 14(1). https://doi.org/10.17762/ijcnis.v14i1.5208
Section
Research Articles
Author Biographies

Olarotimi Kabir Amuda, Obafemi Awolowo University, Ile-Ife

Postgraduate student, Department of Computer Science and Engineering

Bodunde Odunola Akinyemi, Obafemi Awolowo University, Ile-Ife

Senior Lecturer, Department of Computer Science

Mistura Laide Sanni, Obafemi Awolowo University, Ile-Ife

Senior Lecturer, Department of Computer Science and Engineering

Ganiyu Adesola Aderounmu, Obafemi Awolowo University, Ile-Ife

Professor, Department of Computer Science and Engineering
