Against Insider Threats with Hybrid Anomaly Detection with Local-Feature Autoencoder and Global Statistics (LAGS)

Minhae JANG  Yeonseung RYU  Jik-Soo KIM  Minkyoung CHO  

IEICE TRANSACTIONS on Information and Systems   Vol.E103-D   No.4   pp.888-891
Publication Date: 2020/04/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2019EDL8180
Type of Manuscript: LETTER
Category: Dependable Computing
abnormal detection,  sequence-to-sequence learning,  autoencoder,  reconstruction error,  

Full Text: PDF>>
Buy this Article

Internal user threats such as information leakage or system destruction can cause significant damage to the organization, however it is very difficult to prevent or detect this attack in advance. In this paper, we propose an anomaly-based insider threat detection method with local features and global statistics over the assumption that a user shows different patterns from regular behaviors during harmful actions. We experimentally show that our detection mechanism can achieve superior performance compared to the state of the art approaches for CMU CERT dataset.