Open Access
ARTICLE
Ensemble Strategy for Insider Threat Detection from User Activity Logs
Shihong Zou1, Huizhong Sun1, *, Guosheng Xu1, Ruijie Quan2
1 School of Cyberspace Security, Beijing University of Posts and Telecommunication, Beijing, China.
2 Faculty of Engineering and Information Technology, University of Technology Sydney, Sydney, Australia.
* Corresponding Author: Huizhong Sun. Email: .
Computers, Materials & Continua 2020, 65(2), 1321-1334. https://doi.org/10.32604/cmc.2020.09649
Received 14 January 2020; Accepted 01 June 2020; Issue published 20 August 2020
Abstract
In the information era, the core business and confidential information of enterprises and organizations is stored in information systems. However, malicious insiders exist hidden within the organization; these users intentionally or unintentionally misuse the privileges granted to them to obtain sensitive information from the company. Existing approaches to insider threat detection mostly focus on monitoring, detecting, and preventing malicious behavior generated by users within an organization's system, while ignoring the effect that the imbalance of the ground-truth insider threat data has on detection. To detect insider threats more effectively, a data processing tool was developed that processes the collected user activity logs into information-use events, and a Data Adjustment (DA) strategy was formulated to adjust the weights of the minority and majority samples. An efficient ensemble strategy was then applied, combining the extreme gradient boosting (XGBoost) model with the DA strategy to detect anomalous behavior. The approach was evaluated on the CERT insider threat dataset, in which insider threat events are artificially injected into user activity logs. The results demonstrate that the proposed approach can effectively detect insider threats, with an accuracy of 99.51% and an average recall of 98.16%. Compared with other classifiers, detection performance is improved by 8.76%.
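The pipeline the abstract sketches, shown as an added example that is not the authors' data processing tool, their DA strategy or their evaluation code: CERT-style log records are aggregated into per-user-day information-use event counts, the imbalanced labels receive class-balancing sample weights, and predictions are scored with the accuracy and average (macro) recall the abstract reports. Assumptions made here: the CERT r4.2 column layout (id,date,user,pc,activity / url), a 07:00-18:59 business-hour window, and inverse class-frequency weighting as the concrete form of the DA strategy; the log lines are constructed, not real records.

```python
"""Per-user-day feature pipeline for insider threat detection (added example)."""
from collections import Counter, defaultdict
import csv
import io

# Constructed sample records in the CERT r4.2 layout; not real log data.
LOGON_CSV = """id,date,user,pc,activity
L1,01/04/2010 08:02:11,ACM2278,PC-1,Logon
L2,01/04/2010 17:10:42,ACM2278,PC-1,Logoff
L3,01/04/2010 23:41:05,CDE1846,PC-7,Logon
L4,01/05/2010 00:30:19,CDE1846,PC-7,Logoff
"""
DEVICE_CSV = """id,date,user,pc,activity
D1,01/04/2010 23:45:01,CDE1846,PC-7,Connect
D2,01/05/2010 00:20:33,CDE1846,PC-7,Disconnect
"""
HTTP_CSV = """id,date,user,pc,url
H1,01/04/2010 09:15:00,ACM2278,PC-1,http://intranet.example/wiki
H2,01/04/2010 23:50:12,CDE1846,PC-7,http://dropbox.example/upload
H3,01/04/2010 23:52:40,CDE1846,PC-7,http://dropbox.example/upload
"""

WORK_HOURS = range(7, 19)  # assumed business hours, 07:00-18:59

# Feature order used for the numeric matrix handed to the classifier.
FEATURE_NAMES = ["logon", "logoff", "after_hours_logon", "usb_connect",
                 "after_hours_usb", "http", "upload"]


def parse_rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def event_key(row):
    """Return the (user, day) aggregation key and the hour of the record."""
    day, clock = row["date"].split(" ")
    return (row["user"], day), int(clock.split(":")[0])


def build_features(logon_csv, device_csv, http_csv):
    """Aggregate raw logon/device/http records into information-use event counts."""
    feats = defaultdict(Counter)
    for row in parse_rows(logon_csv):
        key, hour = event_key(row)
        act = row["activity"].lower()
        feats[key][act] += 1
        if act == "logon" and hour not in WORK_HOURS:
            feats[key]["after_hours_logon"] += 1
    for row in parse_rows(device_csv):
        key, hour = event_key(row)
        if row["activity"] == "Connect":
            feats[key]["usb_connect"] += 1
            if hour not in WORK_HOURS:
                feats[key]["after_hours_usb"] += 1
    for row in parse_rows(http_csv):
        key, hour = event_key(row)
        feats[key]["http"] += 1
        if "upload" in row["url"]:
            feats[key]["upload"] += 1
    return {k: dict(v) for k, v in feats.items()}


def to_matrix(feats):
    """Fixed-order feature vectors, one row per (user, day), sorted by key."""
    keys = sorted(feats)
    return keys, [[feats[k].get(n, 0) for n in FEATURE_NAMES] for k in keys]


def balanced_weights(y):
    """Assumed DA form: inverse class-frequency weights w_c = N / (K * n_c).

    Every class then carries the same total weight, so the rare insider
    samples are not drowned out by the benign majority during boosting.
    """
    n, counts = len(y), Counter(y)
    return [n / (len(counts) * counts[label]) for label in y]


def accuracy_and_recall(y_true, y_pred):
    """Accuracy, per-class recall and macro-average recall of a prediction."""
    acc = sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)
    recall = {}
    for c in sorted(set(y_true)):
        idx = [i for i, t in enumerate(y_true) if t == c]
        recall[c] = sum(y_pred[i] == c for i in idx) / len(idx)
    return acc, recall, sum(recall.values()) / len(recall)


if __name__ == "__main__":
    keys, X = to_matrix(build_features(LOGON_CSV, DEVICE_CSV, HTTP_CSV))
    y = [0, 1, 0]  # constructed labels: the after-hours USB+upload day is the insider
    for k, row, w in zip(keys, X, balanced_weights(y)):
        print(k, dict(zip(FEATURE_NAMES, row)), "weight=%.2f" % w)
```

The weight vector returned by `balanced_weights` is what a booster consumes as per-sample weights; with the xgboost scikit-learn wrapper that is `XGBClassifier().fit(X, y, sample_weight=w)`, so the imbalance correction sits outside the model and can be swapped without retraining code changes. The metrics function reports macro recall so that a model that never flags an insider cannot hide behind a high accuracy on the benign majority.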
Cite This Article
S. Zou, H. Sun, G. Xu and R. Quan, "Ensemble strategy for insider threat detection from user activity logs,"
Computers, Materials & Continua, vol. 65, no. 2, pp. 1321–1334, 2020. https://doi.org/10.32604/cmc.2020.09649