Exploring Feature Normalization and Temporal Information for Machine Learning Based Insider Threat Detection. Ferreira, P.; Le, D. C.; and Zincir-Heywood, N. In International Conference on Network and Service Management (CNSM 2019), Halifax, Canada, October, 2019.
Insider threat is one of the most damaging cybersecurity attacks to companies and organizations. The threats are also hard to detect, largely due to their nature, in that malicious actions are performed by the insiders. In this paper, we explore different techniques to leverage spatial and temporal characteristics of user behaviours (actions). In particular, feature normalization (scaling) techniques and a scheme for representing explicit temporal information are explored to improve the performance of the machine learning based insider threat detection systems. The obtained results show that these data characteristics have different effects on different insider threat classifiers. This shows a promising future research direction for further analysis of different user behaviours.
@INPROCEEDINGS{Ferreira_cnsm2019,
AUTHOR="Pedro Ferreira and Duc C. Le and Nur Zincir-Heywood",
TITLE="Exploring Feature Normalization and Temporal Information for Machine
Learning Based Insider Threat Detection",
BOOKTITLE="International Conference on Network and Service Management (CNSM 2019)",
ADDRESS="Halifax, Canada",
url_Paper = {http://dl.ifip.org/db/conf/cnsm/cnsm2019/1570566066.pdf},
DAYS=21,
MONTH=oct,
YEAR=2019,
KEYWORDS="Insider Threat Detection; data normalization; temporal information",
ABSTRACT="Insider threat is one of the most damaging cybersecurity attacks to
companies and organizations. The threats are also hard to detect, largely
due to its nature that malicious actions are performed by the insiders. In
this paper, we explore different techniques to leverage spatial and
temporal characteristics of user behaviours (actions). In particular,
feature normalization (scaling) techniques and a scheme for representing
explicit temporal information are explored to improve the performance of
the machine learning based insider threat detection systems. The obtained
results show that these data characteristics have different effects on
different insider threat classifiers. This shows a promising future
research direction for further analysis of different user behaviours."
}