Neural networks technology of insider threats detection based on user behavior logs

DOI: 10.31673/2409-7292.2018.043543

Authors

  • В. А. Савченко (Savchenko V. A.), State University of Telecommunications, Kyiv
  • В. В. Савченко (Savchenko V. V.), National Technical University of Ukraine "Igor Sikorsky Kyiv Polytechnic Institute", Kyiv
  • С. В. Довбешко (Dovbeshko S. V.), State University of Telecommunications, Kyiv
  • М. М. Алексєєв (Alekseev M. M.), The National Defence University of Ukraine named after Ivan Cherniakhovskyi, Kyiv
  • А. М. Зідан (Zidan A. M.), State University of Telecommunications, Kyiv

Abstract

The article examines one of the methods for identifying insider threats: analysis of user behavior logs using deep belief neural networks. It is shown that efficient use of deep belief networks requires optimizing the network structure, that is, searching for the optimal number of hidden layers and the number of nodes in each layer. An algorithm for adaptive network optimization is proposed that uses a selection procedure based on the dichotomy method and the golden section rules. In simulation, a threat detection reliability of 91–92% was achieved.

Keywords: insider, insider threat, user behavior log, deep belief network, adaptive optimization.

Published

2019-12-16

Section

Articles