1,503 results on "Insider threat"
2. Preventing and countering insider threats and radicalism in an Indonesian research reactor: Development of a human reliability program (HRP)
- Author
- Wisnubroto, Djarot Sulistio, Khairul, Khairul, Basuki, Fatmuanis, and Kristuti, Endang
- Published
- 2023
3. Behavior-Based Insider Threat Detection Using a Deep Neural Network
- Author
- Besnaci, Samiha, Hafidi, Mohamed, Lamia, Mahnane, Li, Gang, Series Editor, Filipe, Joaquim, Series Editor, Xu, Zhiwei, Series Editor, Bennour, Akram, editor, Bouridane, Ahmed, editor, Almaadeed, Somaya, editor, Bouaziz, Bassem, editor, and Edirisinghe, Eran, editor
- Published
- 2025
4. Insider Threat
- Author
- Bishop, Matt, Jajodia, Sushil, editor, Samarati, Pierangela, editor, and Yung, Moti, editor
- Published
- 2025
5. Enabling Privacy in IT Service Operations
- Author
- Gupta, Rohit, Kumar, Rishabh, Mondal, Sutapa, Gharote, Mangesh, Lodha, Sachin, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Patil, Vishwas T., editor, Krishnan, Ram, editor, and Shyamasundar, Rudrapatna K., editor
- Published
- 2025
6. From Traits to Threats: Learning Risk Indicators of Malicious Insider Using Psychometric Data
- Author
- Nanamou, N’Famoussa Kounon, Neal, Christopher, Boulahia-Cuppens, Nora, Cuppens, Frédéric, Bkakria, Anis, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Patil, Vishwas T., editor, Krishnan, Ram, editor, and Shyamasundar, Rudrapatna K., editor
- Published
- 2025
7. Analysing Cyber Attacks and Cyber Security Vulnerabilities in the University Sector.
- Author
- Lallie, Harjinder Singh, Thompson, Andrew, Titis, Elzbieta, and Stephens, Paul
- Abstract
Universities hold and process vast amounts of financial, user, and research data, which makes them prime targets for cybercriminals. In addition to the usual external threat actors, universities face a unique insider threat from students, who—alongside staff—may lack adequate cyber security training despite having access to various sensitive systems. This paper provides a focused assessment of the current cyber security threats facing UK universities, based on a comprehensive review of available information. A chronological timeline of notable cyber attacks against universities is produced, with incidents classified according to the CIA triad (Confidentiality, Integrity, Availability) and incident type. Several issues have been identified. Limited disclosure of attack details is a major concern, as full information is often withheld for security reasons, hindering institutions' abilities to assess vulnerabilities thoroughly and respond effectively. Additionally, universities increasingly rely on third-party service providers for critical services, meaning that an attack on these external providers can directly impact university operations and data security. While SQL injection attacks, previously a significant issue, appear to have declined in frequency—perhaps reflecting improvements in defences—other threats continue to persist. Universities report lower levels of concern regarding DDoS attacks, potentially due to enhanced resilience and mitigation strategies; however, ransomware and phishing attacks remain prevalent. Insider threats, especially from students with varied IT skills, exacerbate these risks, as insiders may unknowingly or maliciously facilitate cyber attacks, posing ongoing challenges for university IT teams. This study recommends that universities leverage these insights, along with other available data, to refine their cyber security strategies. Developing targeted policies, strengthening training, and implementing international standards will allow universities to enhance their security posture and mitigate the complex and evolving threats they face. [ABSTRACT FROM AUTHOR]
- Published
- 2025
8. Law-Abiding Criminals: How a Group of Military Over-Interested Persons Became a Threat Against National Security.
- Author
- Bergman, David M.
- Subjects
- *SOCIAL networks, *NATIONAL security, *RISK assessment, *ORGANIZATIONAL research, *SPIES
- Abstract
The present case study examines a new form of security threat in the form of a network of "military over-interested persons" who tried to perform a mapping of Sweden's classified military infrastructure. What makes them stand out is that they seem to have had no malicious intent, unlike the more frequently studied areas of spies and other insider threats. The results indicate that an obsessive military interest and a "perfect storm" of factors—individual risk factors, a toxic social network, and the false safety of a closed military web forum—allowed the individuals to commit serious crimes. Implications for the security of military organizations and future research are discussed. [ABSTRACT FROM AUTHOR]
- Published
- 2025
9. "The pull to do nothing would be strong": limitations & opportunities in reporting insider threats.
- Author
- Holden, Heather, Munro, Victor, Tsakiris, Lina, and Wilner, Alex
- Subjects
- *COGNITIVE dissonance, *NATIONAL security, *FINANCIAL services industry, *ACQUISITION of data, *LABOR supply
- Abstract
Though a reporting mechanism, in which employees report suspicious and/or potentially malicious coworker behavior, is thought to be important to tackling insider risk, the literature on the subject is sparse and unconvincing. Empirical evidence of the actual use and utility of this type of detection mechanism is slim. Our article explores the propensity of employees to report a coworker's concerning behavior suspected to be related to insider activity that would negatively impact an organization. This study uses an inductive approach and qualitative analysis of original interview data collected from 16 financial services organizations to explore attitudes and opinions about reporting a coworker's concerning behavior, providing lessons on countering insider threats useful across industries and national security domains. The results show that there is confusion, uncertainty, and cognitive dissonance surrounding institutional reporting mechanisms, with some participants expressing both affirmative and negative opinions about their personal likelihood of reporting. Employees do want to report concerning coworker behavior that suggests an insider threat, but not at their own expense. These results are consistent with those from other studies and sectors. Our study will assist organizations in refining their assumptions around workforce attitudes regarding the reporting of coworkers. [ABSTRACT FROM AUTHOR]
- Published
- 2025
10. Sentiment classification for insider threat identification using metaheuristic optimized machine learning classifiers
- Author
- Djordje Mladenovic, Milos Antonijevic, Luka Jovanovic, Vladimir Simic, Miodrag Zivkovic, Nebojsa Bacanin, Tamara Zivkovic, and Jasmina Perisic
- Subjects
- Insider threat, Natural language processing, Hyperparameter optimization, XGBoost, AdaBoost, Medicine, Science
- Abstract
This study examines the formidable and complex challenge of insider threats to organizational security, addressing risks such as ransomware incidents, data breaches, and extortion attempts. The research involves six experiments utilizing email, HTTP, and file content data. To combat insider threats, emerging Natural Language Processing techniques are employed in conjunction with powerful Machine Learning classifiers, specifically XGBoost and AdaBoost. The focus is on recognizing the sentiment and context of malicious actions, which are considered less prone to change compared to commonly tracked metrics like location and time of access. To enhance detection, a term frequency-inverse document frequency-based approach is introduced, providing a more robust, adaptable, and maintainable method. Moreover, the study acknowledges the significant impact of hyperparameter selection on classifier performance and employs various contemporary optimizers, including a modified version of the red fox optimization algorithm. The proposed approach undergoes testing in three simulated scenarios using a public dataset, showcasing commendable outcomes.
- Published
- 2024
11. Detect Insider Threat with Associated Session Graph.
- Author
- Ding, Junmei, Qian, Peng, Ma, Jing, Wang, Zhiqiang, Lu, Yueming, and Xie, Xiaqing
- Subjects
- GRAPH neural networks, ANOMALY detection (Computer security), BEHAVIORAL assessment, FEATURE extraction, DATA security failures
- Abstract
Insider threats pose significant risks to organizational security, often leading to severe data breaches and operational disruptions. While foundational, traditional detection methods suffer from limitations such as labor-intensive rule creation, lack of scalability, and vulnerability to evasion by sophisticated attackers. Recent advancements in graph-based approaches have shown promise by leveraging behavior analysis for threat detection. However, existing methods frequently oversimplify session behaviors and fail to extract fine-grained features, which are critical for identifying subtle malicious activities. In this paper, we propose a novel approach that integrates session graphs to capture multi-level fine-grained behavioral features. First, seven heuristic rules are defined to transform user activities across different hosts and sessions into an associated session graph while extracting features at both the activity and session levels. Furthermore, to highlight critical nodes in the associated session graph, we introduce a graph node elimination technique to normalize the graph. Finally, a graph convolutional network is employed to extract features from the normalized graph and generate behavior detection results. Extensive experiments on the CERT insider threat dataset demonstrate the superiority of our approach, achieving an accuracy of 99% and an F1-score of 99%, significantly outperforming state-of-the-art models. The ASG method also reduces false positive rates and enhances the detection of subtle malicious behaviors, addressing key limitations of existing graph-based methods. These findings highlight the potential of ASG for real-world applications such as enterprise network monitoring and anomaly detection, and suggest avenues for future research into adaptive learning mechanisms and real-time detection capabilities. [ABSTRACT FROM AUTHOR]
- Published
- 2024
12. Insider threat detection using supervised machine learning algorithms
- Author
- Manoharan, Phavithra, Yin, Jiao, Wang, Hua, Zhang, Yanchun, and Ye, Wenjie
- Subjects
- SUPERVISED learning, MACHINE learning, ARTIFICIAL intelligence, AUTOENCODER, FEATURE extraction
- Abstract
Insider threats refer to abnormal actions taken by individuals with privileged access, compromising system data's confidentiality, integrity, and availability. They pose significant cybersecurity risks, leading to substantial losses for several organizations. Detecting insider threats is crucial due to the imbalance in their datasets. Moreover, the performance of existing works has been evaluated on various datasets and problem settings, making it challenging to compare the effectiveness of different algorithms and offer recommendations to decision-makers. Furthermore, no existing work investigates the impact of changing hyperparameters. This paper aims to objectively assess the performance of various supervised machine learning algorithms for detecting insider threats under the same setting. We precisely evaluate the performance of various supervised machine learning algorithms on a balanced dataset using the same feature extraction method. Additionally, we explore the impact of hyperparameter tuning on performance within the balanced dataset. Finally, we investigate the performance of different algorithms in the context of imbalanced datasets under various conditions. We conduct all the experiments in the publicly available CERT r4.2 dataset. The results show that supervised learning with a balanced dataset in RF obtains the best accuracy and F1-score of 95.9% compared with existing works, such as, DNN, LSTM Autoencoder and User Behavior Analysis. [ABSTRACT FROM AUTHOR]
- Published
- 2024
13. Enhancing Nuclear and Radiological Security in Polarized Times: Safeguarding Against Extremist Insider Threats.
- Author
- Baweja, Jessica, Dunning, Madelyn, and Rogers, Keithan
- Subjects
- RADICALISM, RADIOLOGY, THREATS, ORGANIZATIONAL resilience, CORONAVIRUS diseases, PANDEMICS
- Published
- 2024
14. The prince of insiders: a multiple pathway approach to understanding IP theft insider attacks
- Author
- Whitty, Monica Therese, Ruddy, Christopher, Keatley, David, Butavicius, Marcus, and Grobler, Marthie
- Published
- 2024
15. Unveiling Human Factors: Aligning Facets of Cybersecurity Leadership, Insider Threats, and Arsonist Attributes to Reduce Cyber Risk
- Author
- Laura A. Jones
- Subjects
- arsonist, criminology, cybersecurity, fire-setting, human factors, insider threat, organizational arsonist, motivation, pyromania, risk management, Sociology (General), HM401-1281, Economic history and conditions, HC10-1085
- Abstract
This qualitative study, a systematic literature review (drawing on literature primarily published within the last five years), addresses a comprehensive approach to a crucial but often overlooked aspect of cybersecurity: the human factors underlying insider threats. Attention is focused on the so-called “organizational arsonists” – individuals who willfully seek to adversely impact the organization by inducing anarchy aligned with their own motivations, insiders who purposefully damage their companies using digital methods, someone intentionally causing mayhem within a company, which can be criminal in cyber environments. The purpose of the research is to identify how cybersecurity leadership can effectively detect and mitigate the risks associated with insiders, particularly those exhibiting arsonist-like behaviors. The review uncovers that organizational arsonists can escalate cybersecurity risks substantially, with insider incidents costing organizations an average of $16.2 million per incident. These incidents now represent a persistent challenge, increasing in frequency by 68% over the past year according to the 2022 Insider Threat Report. The findings highlight the necessity of leadership strategies that preemptively recognize and neutralize potential insider threats to improve organizational resilience and security posture. This approach not only informs current cybersecurity practices but also aids in the development of targeted policies and refined regulatory measures. By integrating insights from psychology, criminology, and cybersecurity, the study provides a comprehensive understanding of the human elements influencing insider threats, essential for enhancing both academic knowledge and practical applications in risk management. The results showed a parallel between the motivations of arsonists who set physical fires and the characteristics and motivations of insider threats who exploit organizational vulnerabilities. The impact of this research can be helpful in assisting cybersecurity professionals, leaders who strategize against cyber threats, and risk managers and analysts who understand and mitigate human factors and insider threats. Leaders and executives may use these insights to improve security resource allocation and culture. Policymakers and regulators may use the study’s results to create more nuanced cybersecurity legislation, while academics and students in related disciplines can use it for future research.
- Published
- 2024
16. A SYNTHESIS OF RESEARCH ON INSIDER THREATS IN CYBERSECURITY.
- Author
- Joubert, Daniël and Eloff, Jan
- Subjects
- GAUSSIAN mixture models, HUMAN behavior, TEXT mining, EVIDENCE gaps, CLOUD computing
- Abstract
Today, the "Insider Threat" problem remains a persistent dilemma. It refers to insiders, working within an organisation and causing harm to the organisation. The problem is that although the notion of "Insider Threat" is regarded as one of the major cybersecurity threats, it is also one of the lesser researched fields in cybersecurity. Furthermore, it is difficult to make an overall assessment of what aspects of "Insider Threat"-research is currently being undertaken and if the current research is indeed relevant for minimising cybersecurity risks. This study employed a topic modelling approach toward the identification of current insider threat research topics. The topic modelling outputs revealed current insider threat research topics such as: insider threats based on human behaviour; insider threat attack detection on networks; insider threats in cloud computing; insider threat detection within technologies; and the human factor in insider threat attacks. The identified current insider threat research topics were evaluated against current cybersecurity trends, to identify research gaps. The findings reported in this paper clearly indicate a misalignment between current insider threat research and current cybersecurity trends. [ABSTRACT FROM AUTHOR]
- Published
- 2024
17. Employee risk recognition and reporting of malicious elicitations: longitudinal improvement with new skills-based training.
- Author
- Caputo, Deanna D., Danley, Lura, and Ratcliff, Nathaniel J.
- Subjects
- PERFORMANCE awards, ELICITATION technique, TEXT messages, EMPLOYEE training, NATIONAL security
- Abstract
Numerous security domains would benefit from improved employee risk recognition and reporting through effective security training. This study assesses the effectiveness of a new skills-based training approach to improve risk recognition and reporting of malicious elicitations. Malicious elicitations are techniques that strategically use conversation (i.e., online, in writing, in person, or over the phone) with the sole purpose of collecting sensitive, non-publicly available information about business operations, people, or technological assets without raising suspicion. To an untrained observer, a skilled elicitor can make conversations seem analogous to many professional networking situations such as those experienced over email and at conferences. A 12-month longitudinal experimental study was conducted to test training effectiveness on employees of a large corporation that focuses on serving national security needs and the public interest. Half of the participants were randomly assigned to receive traditional awareness-based training (i.e., reviewing informational slides) while the other half received a new skills-based training that allowed them, over the course of five weeks, to iteratively practice skills learned in the training and receive feedback on their performance in their day-to-day work environment. Following training for both experimental groups, malicious elicitations and benign professional networking test messages were sent (via email and text message) to unaware employee participants for 12 months. Findings revealed that skills-based training improved reporting of malicious elicitations and lasted for up to 12 months compared to traditional awareness-based training. [ABSTRACT FROM AUTHOR]
- Published
- 2024
18. Applying a New Approach to Consider the Human Factor in the Design of Information Security Systems.
- Author
- Gaidarski, Ivan and Madzharov, Anastas
- Subjects
- ERGONOMICS, SECURITY systems, INDUSTRIAL relations, SYSTEM analysis, INFORMATION storage & retrieval systems
- Abstract
A primary task of information security in modern organisations is to ensure the safety of their information assets. The most effective method is to develop and implement an information security system (ISS) that is designed for a specific organisation and meets the organisation-specific requirements. Two methods for creating ISS are considered in the article – development of a complex ISS through systems analysis and the authors’ method for the development of organisational ISS. These methods consider different viewpoints on the system. An example is given with Information Security Viewpoint and related concepts such as “Incident,” “Breach,” “Vulnerability,” “Threats,” “Threat Sources,” and a “Threat Agent” with taking the human factor in account. As the behaviour of employees in relation to the adopted information security policy cannot be predicted, it is necessary to foresee some measures in the process of designing the system. [ABSTRACT FROM AUTHOR]
- Published
- 2024
19. Method for the Detection of Internal Threats in Academic Campus Networks
- Author
- Barba-Vera, Ruth, Barragán-González, Byron, Ramos-Valencia, Marco, Mantilla-Cabrera, Carmen, Vaca-Barahona, Byron, Silva-Cárdenas, Carlos, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Garcia, Marcelo V., editor, Gordón-Gallegos, Carlos, editor, Salazar-Ramírez, Asier, editor, and Nuñez, Carlos, editor
- Published
- 2024
20. An Empirical Study on Insider Threats Towards Crime Prevention Through Environmental Design (CPTED) : A Student Case Study
- Author
- Makila Beni, Robert, Mbale Kasunzi Mbaherya, Landry, Muhau, Jean-Auguste, Ilunga Wa Kuwita, Godwill, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Naik, Nitin, editor, Jenkins, Paul, editor, Prajapat, Shaligram, editor, and Grace, Paul, editor
- Published
- 2024
21. Natural Language Processing of HTTP Content for Insider Threat Detection Optimized by Modified Metaheuristic
- Author
- Petrovic, Aleksandar, Jovanovic, Luka, Antonijevic, Milos, Bacanin, Nebojsa, Zivkovic, Miodrag, Kaljevic, Jelena, Bansal, Jagdish Chand, Series Editor, Deep, Kusum, Series Editor, Nagar, Atulya K., Series Editor, Basha, Syed Muzamil, editor, Taherdoost, Hamed, editor, and Zanchettin, Cleber, editor
- Published
- 2024
22. National Security, Insider Threat Programs, and the Compliance-Industrial Complex: Reflections on Platformization in Corporate Policing, Intelligence, and Security
- Author
- Kuldova, Tereza Østbø, Aston, Elizabeth, Series Editor, Rowe, Michael, Series Editor, Bacon, Matthew, Editorial Board Member, Bartkowiak-Theron, Isabelle, Editorial Board Member, de Kimpe, Sofie, Editorial Board Member, du Maillard, Jacques, Editorial Board Member, Fyfe, Nick, Editorial Board Member, Huey, Laura, Editorial Board Member, Loftus, Bethan, Editorial Board Member, Malik, Ali, Editorial Board Member, Marks, Monique, Editorial Board Member, Nurse, Angus, Editorial Board Member, Porter, Louise, Editorial Board Member, Ugwudike, Pamela, Editorial Board Member, Willis, James J, Editorial Board Member, Wooff, Andrew, Editorial Board Member, Jaishankar, K., Editorial Board Member, Kuldova, Tereza Østbø, editor, Gundhus, Helene Oppen Ingebrigtsen, editor, and Wathne, Christin Thea, editor
- Published
- 2024
23. Insider Threat Defense Strategies: Survey and Knowledge Integration
- Author
- Song, Chengyu, Zhang, Jingjing, Ma, Linru, Hu, Xinxin, Zheng, Jianming, Yang, Lin, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Cao, Cungeng, editor, Chen, Huajun, editor, Zhao, Liang, editor, Arshad, Junaid, editor, Asyhari, Taufiq, editor, and Wang, Yonghao, editor
- Published
- 2024
24. Insider Threat Prediction Techniques: A Systematic Review Paper
- Author
- Nassir, Nur Fahimah Mohd, Rauf, Ummul Fahri Abdul, Zainol, Zuraini, Ghani, Kamaruddin Abdul, Ismail, Azman, editor, Zulkipli, Fatin Nur, editor, Husin, Husna Sarirah, editor, and Öchsner, Andreas, editor
- Published
- 2024
25. Dumb Devices/Smart Adversaries: Real Threats in Critical Infrastructure
- Author
- Sewall, Adam, Celebi, Emre, Series Editor, Chen, Jingdong, Series Editor, Gopi, E. S., Series Editor, Neustein, Amy, Series Editor, Liotta, Antonio, Series Editor, Di Mauro, Mario, Series Editor, and McClellan, Stan, editor
- Published
- 2024
26. A Study on Historical Behaviour Enabled Insider Threat Prediction
- Author
- Xiao, Fan, Hong, Wei, Yin, Jiao, Wang, Hua, Cao, Jinli, Zhang, Yanchun, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Song, Xiangyu, editor, Feng, Ruyi, editor, Chen, Yunliang, editor, Li, Jianxin, editor, and Min, Geyong, editor
- Published
- 2024
27. Insider Threats to Cyber Security in an Audit Environment
- Author
- Njowa, Admire, Schutte, Belinda, Ally, Zaakir, Moloi, Tankiso, editor, and George, Babu, editor
- Published
- 2024
28. Log Analysis for Feature Engineering and Application of a Boosting Algorithm to Detect Insider Threats
- Author
- Besnaci, Samiha, Hafidi, Mohamed, Lamia, Mahnane, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Bennour, Akram, editor, Bouridane, Ahmed, editor, and Chaari, Lotfi, editor
- Published
- 2024
29. Understanding Shadow IT usage intention: a view of the dual-factor model
- Author
- Nguyen, Trang
- Published
- 2024
30. Analysing Cyber Attacks and Cyber Security Vulnerabilities in the University Sector
- Author
- Harjinder Singh Lallie, Andrew Thompson, Elzbieta Titis, and Paul Stephens
- Subjects
- cyber crime, UK universities, cyber attack timeline, insider threat, student insider threat, human factors, Electronic computers. Computer science, QA75.5-76.95
- Abstract
Universities hold and process vast amounts of financial, user, and research data, which makes them prime targets for cybercriminals. In addition to the usual external threat actors, universities face a unique insider threat from students, who—alongside staff—may lack adequate cyber security training despite having access to various sensitive systems. This paper provides a focused assessment of the current cyber security threats facing UK universities, based on a comprehensive review of available information. A chronological timeline of notable cyber attacks against universities is produced, with incidents classified according to the CIA triad (Confidentiality, Integrity, Availability) and incident type. Several issues have been identified. Limited disclosure of attack details is a major concern, as full information is often withheld for security reasons, hindering institutions’ abilities to assess vulnerabilities thoroughly and respond effectively. Additionally, universities increasingly rely on third-party service providers for critical services, meaning that an attack on these external providers can directly impact university operations and data security. While SQL injection attacks, previously a significant issue, appear to have declined in frequency—perhaps reflecting improvements in defences—other threats continue to persist. Universities report lower levels of concern regarding DDoS attacks, potentially due to enhanced resilience and mitigation strategies; however, ransomware and phishing attacks remain prevalent. Insider threats, especially from students with varied IT skills, exacerbate these risks, as insiders may unknowingly or maliciously facilitate cyber attacks, posing ongoing challenges for university IT teams. This study recommends that universities leverage these insights, along with other available data, to refine their cyber security strategies. Developing targeted policies, strengthening training, and implementing international standards will allow universities to enhance their security posture and mitigate the complex and evolving threats they face.
- Published
- 2025
31. Machine learning approaches to detect, prevent and mitigate malicious insider threats: State-of-the-art review
- Author
- Jaiswal, Ayshwarya, Dwivedi, Pragya, and Dewang, Rupesh Kumar
- Published
- 2024
32. Time Aspect of Insider Threat Mitigation.
- Author
- Savchenko, V., Dzyuba, T., Matsko, O., Novikova, I., Havryliuk, I., and Polovenko, V.
- Subjects
- *MARKOV processes, *PSEUDOPOTENTIAL method, *CYBERTERRORISM, *SECURITY systems, *ORGANIZATION
- Abstract
The article reveals the problem of mitigating an insider threat by creating a time-balanced security system in an organization. Based on a Markov chain, the authors propose a basic model of interaction in an "organization - insider" system. The article analytically defines a ratio between the time of an insider attack and the time during which the organization's security system can neutralize it. The authors propose a concept of a multi-level system of organization protection, which takes into account the involved resources and practical skills of employees, as well as security services. At the end of the article, it is concluded that the proposed concept of the organization's protection system will be effective against potential insider attacks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
33. Fiends and Fools: A Narrative Review and Neo-socioanalytic Perspective on Personality and Insider Threats.
- Author
- Marbut, A. R. and Harms, P. D.
- Subjects
- *COUNTERPRODUCTIVITY (Labor), *PERSONALITY, *WORK-related injuries
- Abstract
Insider threats represent a serious threat to organizations but are considered to be difficult to predict and prevent. Although a growing body of research has examined personological antecedents to insider threats, this literature lacks a unifying theoretical perspective connecting the characteristics that have been researched. In addition to cataloging the personality factors that have been associated with insider threat behaviors, this review also proposes neo-socioanalytic theory as a useful framework for organizing these factors and for distinguishing insider threats from counterproductive work behaviors and workplace accidents. The majority of risk and protective factors related to insider threats were shared for both malicious and non-malicious insider threat behaviors. However, the prior literature strongly suggests that malicious threats are motivated by selfishness and the rationalization of immoral behavior, while non-malicious threats are better understood as being associated with maladjustment and curiosity. [ABSTRACT FROM AUTHOR]
- Published
- 2024
34. M-EOS: modified-equilibrium optimization-based stacked CNN for insider threat detection.
- Author
-
Anju, A. and Krishnamurthy, M.
- Subjects
CONVOLUTIONAL neural networks, CYBERTERRORISM, LEARNING strategies, INFORMATION organization - Abstract
Insider threats remain a serious anxiety for organizations, government agencies, and businesses. Normally, the most hazardous cyber attacks are formed by trusted insiders and not by malicious outsiders. The malicious behaviors resulting from unplanned or planned mishandling of resources, data, networks, and systems of an organization constitute an insider threat. The unsupervised behavioral anomaly detection methods are mostly developed by the traditional machine learning methods for identifying unusual or anomalous variations in user behavior. The insider threat mainly originates from an individual inside the organization who is a current or former employee who has access to sensitive information about the organization. For achieving an improvement over traditional methods, the Stacked Convolutional Neural Network-Attentional Bi-directional Gated Recurrent Unit model is proposed in this paper to detect insider threats. The CNN-Attentional BiGRU model utilizes the user activity logs and user information for time-series classification. Using the log files, the temporal data representations, and weekly and daily numerical features from various sub-models of CNN are learned by the stacked generalization. Based on the chosen feature vectors, a model is trained on the CERT insider threat dataset. The stacked CNN is combined with the Attentional BiGRU model to incorporate more complex features of the user activity logs and user data during each convolution operation without raising network parameters. Thus the classification performance is improved with less complexity. The non-linear time control, chaos-based strategy, update rules, and opposite-based learning strategies are evaluated for generating the Modified-Equilibrium Optimization. The simulation outputs obtained by the model are 92.52% accuracy, 98% Precision, 95% Recall, and 96% F1-score. Thus, the proposed model has reached higher detection performance. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
35. Unveiling Human Factors: Aligning Facets of Cybersecurity Leadership, Insider Threats, and Arsonist Attributes to Reduce Cyber Risk.
- Author
-
Jones, Laura A.
- Subjects
INTERNET security ,LEADERSHIP ,CRIMINOLOGY ,RESOURCE allocation ,RISK management in business - Abstract
This qualitative study, a systematic literature review (drawing on literature primarily published within the last five years), addresses a comprehensive approach to a crucial but often overlooked aspect of cybersecurity: the human factors underlying insider threats. Attention is focused on the so-called "organizational arsonists" -- individuals who willfully seek to adversely impact the organization by inducing anarchy aligned with their own motivations, insiders who purposefully damage their companies using digital methods, someone intentionally causing mayhem within a company, which can be criminal in cyber environments. The purpose of the research is to identify how cybersecurity leadership can effectively detect and mitigate the risks associated with insiders, particularly those exhibiting arsonist-like behaviors. The review uncovered that organizational arsonists can escalate cybersecurity risks substantially, with insider incidents costing organizations an average of $16.2 million per incident. These incidents now represent a persistent challenge, increasing in frequency by 68% over the past year according to the 2022 Insider Threat Report. The findings highlight the necessity of leadership strategies that preemptively recognize and neutralize potential insider threats to improve organizational resilience and security posture. This approach not only informs current cybersecurity practices but also aids in the development of targeted policies and refined regulatory measures. By integrating insights from psychology, criminology, and cybersecurity, the study provides a comprehensive understanding of the human elements influencing insider threats, essential for enhancing both academic knowledge and practical applications in risk management. The results showed a parallel between the motivations of arsonists who set physical fires and the characteristics and motivations of insider threats who exploit organizational vulnerabilities.
The impact of this research can be helpful in assisting cybersecurity professionals, leaders who strategize against cyber threats, and risk managers and analysts who understand and mitigate human factors and insider threats. Leaders and executives may use these insights to improve security resource allocation and culture. Policymakers and regulators may use the study's results to create more nuanced cybersecurity legislation, while academics and students in related disciplines can use it for future research. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
36. Employee risk recognition and reporting of malicious elicitations: longitudinal improvement with new skills-based training
- Author
-
Deanna D. Caputo, Lura Danley, and Nathaniel J. Ratcliff
- Subjects
security ,insider threat ,insider risk ,malicious elicitation ,skills-based training ,employee training ,Psychology ,BF1-990 - Abstract
Numerous security domains would benefit from improved employee risk recognition and reporting through effective security training. This study assesses the effectiveness of a new skills-based training approach to improve risk recognition and reporting of malicious elicitations. Malicious elicitations are techniques that strategically use conversation (i.e., online, in writing, in person, or over the phone) with the sole purpose of collecting sensitive, non-publicly available information about business operations, people, or technological assets without raising suspicion. To an untrained observer, a skilled elicitor can make conversations seem analogous to many professional networking situations such as those experienced over email and at conferences. A 12-month longitudinal experimental study was conducted to test training effectiveness on employees of a large corporation that focuses on serving national security needs and the public interest. Half of participants were randomly assigned to receive traditional awareness-based training (i.e., reviewing informational slides) while the other half of participants received a new skills-based training that allowed them—over the course of five weeks—to iteratively practice skills learned in the training and receive feedback on their performance in their day-to-day work environment. Following training for both experimental groups, malicious elicitations and benign professional networking test messages were sent (via email & text message) to unaware employee participants for 12 months. Findings revealed that skills-based training improved reporting of malicious elicitations and lasted for up to 12 months compared to traditional awareness-based training.
- Published
- 2024
- Full Text
- View/download PDF
37. A Review of the Insider Threat, a Practitioner Perspective Within the U.K. Financial Services
- Author
-
Findlay Whitelaw, Jackie Riley, and Nebrase Elmrabit
- Subjects
Financial services ,insider threat ,insider threat strategies ,Electrical engineering. Electronics. Nuclear engineering ,TK1-9971 - Abstract
The insider threat within organisational cybersecurity continues to be of great concern globally. The current insider threat detection strategies are acknowledged as ineffective, evidenced by the increased reported events in high-profile insider threats and cyber data loss cases borne from insider and privilege misuse. The impact of insider incidents on Financial Service (FS) organisations is vast, operationally disruptive, and costly from a regulatory, financial, and reputational perspective. Many United Kingdom (UK) FS organisations have invested in insider risk programmes, but there is no sign of the insider threat diminishing. This paper will address the following research questions: 1) What factors influence employees to become malicious insider threats and apply this to employees working within the UK? 2) What preventative measures could be effectively operationalised within UK FS organisations to prevent malicious insider attacks? A literature review was conducted, reviewing 54 articles in peer-reviewed journals. Additional and relevant articles were incorporated to enrich the review, further substantiating the academic currency and context of the study. The review reveals five primary emerging insider threat themes, subsequently discussed and including behavioural indicators, information security behaviours, technical controls, insider threat strategies, and regulation. Throughout the literature review, one primary challenge highlighted the lack of articles published concerning the FS industry; however, the studies reviewed were relevant, appropriate, and applied across this review. Furthermore, the review also considers outcomes from a practitioner’s perspective, offering insights into the limitations of insider threat approaches and strategies and offering potential recommendations.
- Published
- 2024
- Full Text
- View/download PDF
38. FedITD: A Federated Parameter-Efficient Tuning With Pre-Trained Large Language Models and Transfer Learning Framework for Insider Threat Detection
- Author
-
Zhi Qiang Wang, Haopeng Wang, and Abdulmotaleb El Saddik
- Subjects
Cybersecurity ,insider threat ,deep learning ,transformer ,BERT ,RoBERTa ,Electrical engineering. Electronics. Nuclear engineering ,TK1-9971 - Abstract
Insider threats cause greater losses than external attacks, prompting organizations to invest in detection systems. However, there exist challenges: 1) Security and privacy concerns prevent data sharing, making it difficult to train robust models and identify new attacks. 2) The diversity and uniqueness of organizations require localized models, as a universal solution could be more effective. 3) High resource costs, delays, and data security concerns complicate building effective detection systems. This paper introduces FedITD, a flexible, hierarchical, and federated framework with local real-time detection systems, combining Large Language Models (LLM), Federated Learning (FL), Parameter Efficient Tuning (PETuning), and Transfer Learning (TF) for insider threat detection. FedITD uses FL to protect privacy while indirectly integrating client information and employs PETuning methods (Adapter, BitFit, LoRA) with LLMs (BERT, RoBERTa, XLNet, DistilBERT) to reduce resource use and time delay. FedITD customizes client models and optimizes performance via transfer learning without central data transfer, further enhancing the detection of new attacks. FedITD outperforms other federated learning methods and its performance is very close to the best centrally trained method. Extensive experiment results show FedITD’s superior performance, adaptability to varied data, and reduction of resource costs, achieving an optimal balance in detection capabilities across source data, unlabeled local data, and global data. Alternative PETuning implementations are also explored in this paper.
- Published
- 2024
- Full Text
- View/download PDF
39. Robust Federated Learning for execution time-based device model identification under label-flipping attack.
- Author
-
Sánchez Sánchez, Pedro Miguel, Huertas Celdrán, Alberto, Buendía Rubio, José Rafael, Bovet, Gérôme, and Martínez Pérez, Gregorio
- Subjects
FEDERATED learning, DATA privacy, DEEP learning, ELECTRONIC data processing, HUMAN fingerprints, DATA protection - Abstract
The computing device deployment explosion experienced in recent years, motivated by the advances of technologies such as Internet-of-Things (IoT) and 5G, has led to a global scenario with increasing cybersecurity risks and threats. Among them, device spoofing and impersonation cyberattacks stand out due to their impact and, usually, low complexity required to be launched. To solve this issue, several solutions have emerged to identify device models and types based on the combination of behavioral fingerprinting and Machine/Deep Learning (ML/DL) techniques. However, these solutions are not appropriate for scenarios where data privacy and protection are a must, as they require data centralization for processing. In this context, newer approaches such as Federated Learning (FL) have not been fully explored yet, especially when malicious clients are present in the scenario setup. The present work analyzes and compares the device model identification performance of a centralized DL model with an FL one while using execution time-based events. For experimental purposes, a dataset containing execution-time features of 55 Raspberry Pis belonging to four different models has been collected and published. Using this dataset, the proposed solution achieved 0.9999 accuracy in both setups, centralized and federated, showing no performance decrease while preserving data privacy. Later, the impact of a label-flipping attack during the federated model training is evaluated using several aggregation mechanisms as countermeasures. Zeno and coordinate-wise median aggregation show the best performance, although their performance greatly degrades when the percentage of fully malicious clients (all training samples poisoned) grows over 50%. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
40. Cloud leakage in higher education in South Africa: A case of University of Technology.
- Author
-
Ntloedibe, Tshepiso, Foko, Thato, and Segooa, Mmatshuene A.
- Abstract
Background: Users with knowledge of an organisation can pose risks to Cloud Computing, including current and past employees and external stakeholders with access to the organisation's cloud. These insiders may engage in intentional or unintentional disruptive behaviors, causing significant harm to the organisation. A study focused on insider threats in South African higher education examined the tactics used by cybersecurity leaders to enforce cybersecurity policies. Objectives: The goal of this study was to develop a comprehensive insider mitigation framework for cloud leakage in a South African University. Method: The study employed qualitative methodologies and a case study approach. Open-ended interviews were conducted to collect data from the participants. The collected data was coded and analysed using ATLAS.ti 22. Results: The study's findings revealed that some of the major sources of cloud leakage are a lack of effective training, ineffective information security (IS) policy regulation, and the implementation of information security awareness workshops that provided advice on how information security should be managed in the university. Conclusion: Insider threats pose a serious risk to organisations. To mitigate this threat, it is crucial for organisations to establish strong security policies and closely monitor employee activities. By conducting a thorough assessment of insider threats, organisations can enhance their understanding of this dynamic threat and strengthen their defenses. Contribution: Although every employee is ultimately responsible for an organisation's security, the most effective IS programmes demonstrate strong top-level leadership by setting a 'tone at the top' and promoting the benefits of IS through careful policy and guidance. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
41. Developing Novel Deep Learning Models to Detect Insider Threats and Comparing the Models from Different Perspectives.
- Author
-
Görmez, Yasin, Arslan, Halil, Işık, Yunus Emre, and Gündüz, Veysel
- Subjects
LONG short-term memory ,CONVOLUTIONAL neural networks ,STATISTICAL significance ,MACHINE learning ,BEHAVIORAL assessment ,DEEP learning ,FALSE discovery rate
- Published
- 2024
- Full Text
- View/download PDF
42. Insider Threat Detection on an Imbalanced Dataset Using Balancing Methods
- Author
-
Dinardo, Keir, Lemoudden, Mouad, Ahmad, Jawad, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, and Arai, Kohei, editor
- Published
- 2023
- Full Text
- View/download PDF
43. Analyzing Information Security Among Nonmalicious Employees
- Author
-
Morris, Elerod D., Muller, S. Raschid, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Nguyen, Thi Dieu Linh, editor, Verdú, Elena, editor, Le, Anh Ngoc, editor, and Ganzha, Maria, editor
- Published
- 2023
- Full Text
- View/download PDF
44. To Catch a Thief: Examining Socio-technical Variables and Developing a Pathway Framework for IP Theft Insider Attacks
- Author
-
Whitty, Monica T., Ruddy, Christopher, Keatley, David A., Rannenberg, Kai, Editor-in-Chief, Soares Barbosa, Luís, Editorial Board Member, Goedicke, Michael, Editorial Board Member, Tatnall, Arthur, Editorial Board Member, Neuhold, Erich J., Editorial Board Member, Stiller, Burkhard, Editorial Board Member, Stettner, Lukasz, Editorial Board Member, Pries-Heje, Jan, Editorial Board Member, Kreps, David, Editorial Board Member, Rettberg, Achim, Editorial Board Member, Furnell, Steven, Editorial Board Member, Mercier-Laurent, Eunika, Editorial Board Member, Winckler, Marco, Editorial Board Member, Malaka, Rainer, Editorial Board Member, and Clarke, Nathan, editor
- Published
- 2023
- Full Text
- View/download PDF
45. Analysis of Malicious Intruder Threats to Data Integrity
- Author
-
Padiet, Peter, Islam, Rafiqul, Khan, M. Arif, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Daimi, Kevin, editor, and Al Sadoon, Abeer, editor
- Published
- 2023
- Full Text
- View/download PDF
46. MUEBA: A Multi-model System for Insider Threat Detection
- Author
-
Liu, Jing, Zhang, Jingci, Du, Changcun, Wang, Dianxin, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Xu, Yuan, editor, Yan, Hongyang, editor, Teng, Huang, editor, Cai, Jun, editor, and Li, Jin, editor
- Published
- 2023
- Full Text
- View/download PDF
47. A novel user oriented network forensic analysis tool
- Author
-
Joy, Dany
- Subjects
Digital Forensics ,Network Forensics ,Insider Threat ,Online User Interactions ,Network Metadata Analysis ,Timeline of User Interactions - Abstract
In the event of a cybercrime, it is necessary to examine the suspect's digital device(s) in a forensic fashion so that the culprit can be presented in court along with the extracted evidence(s). But, factors such as existence and availability of anti-forensic tools/techniques and increasing replacement of hard disk drives with solid state disks have the ability to eradicate critical evidences and/or ruin their integrity. Therefore, having an alternative source of evidence with a lesser chance of being tampered with can be beneficial for the investigation. The organisational network traffic can fit into this role as it is an independent source of evidence and will contain a copy of all online user activities. Limitations of prevailing network traffic analysis techniques - packet based and flow based - are reflected as certain challenges in the investigation. The enormous volume and increasing encrypted nature of traffic, the dynamic nature of IP addresses of users' devices, and the difficulty in extracting meaningful information from raw traffic are among those challenges. Furthermore, current network forensic tools, unlike the sophisticated computer forensic tools, are limited in their capability to exhibit functionalities such as collaborative working, visualisation, reporting and extracting meaningful user-level information. These factors increase the complexity of the analysis, and the time and effort required from the investigator. The research goal was set to design a system that can assist in the investigation by minimising the effects of the aforementioned challenges, thereby reducing the cognitive load on the investigator, which, the researcher thinks, can take the investigator one step closer to the culprit. The novelty of this system comes from a newly proposed interaction based analysis approach, which will extract online user activities from raw network metadata. 
Practicality of the novel interaction-based approach was tested by designing an experimental methodology, which involved an initial phase of the researcher looking to identify unique signatures for activities performed on popular Internet applications (BBC, Dropbox, Facebook, Hotmail, Google Docs, Google Search, Skype, Twitter, Wikipedia, and YouTube) from the researcher's own network metadata. With signatures obtained, the project moved towards the second phase of the experiment in which a much larger dataset (network traffic collected from 27 users for over 2 months) was analysed. Results showed that it is possible to extract unique signature of online user activities from raw network metadata. However, due to the complexities of the applications, signatures were not found for some activities. The interaction-based approach was able to reduce the data volume by eliminating the noise (machine to machine communication packets) and to find a way around the encryption issue by using only the network metadata. A set of system requirements were generated, based on which a web based, client-server architecture for the proposed system (i.e. the User-Oriented Network Forensic Analysis Tool) was designed. The system functions in a case management premise while minimising the challenges that were identified earlier. The system architecture led to the development of a functional prototype. An evaluation of the system by academic experts from the field acted as a feedback mechanism. While the evaluators were satisfied with the system's capability to assist in the investigation and meet the requirements, drawbacks such as inability to analyse real-time traffic and meeting the HCI standards were pointed out. The future work of the project will involve automated signature extraction, real-time processing and facilitation of integrated visualisation.
- Published
- 2021
48. Understanding insider threats using Natural Language Processing
- Author
-
Paxton-Fear, Kate, Hodges, D., and Buckley, O.
- Subjects
CYber security ,Insider threat ,Natural language processing ,Organic narratives ,Topic modelling - Abstract
Insider threats are security incidents committed not by outsiders, such as malicious hackers or advanced persistent threat groups, but instead an organisation's employees or other trusted individuals. These attacks are often more impactful than incidents committed by outsiders. Insiders may have valid security credentials, knowledge relating to the organisation they work for (such as competitors), knowledge of security controls in place and potentially how to bypass those controls. This activity could be unintentional, such as an employee leaving a laptop on public transport, or malicious, when an insider purposefully chooses to attack for some gain, such as selling IP to a competitor. When an outsider chooses to attack, they may leave digital breadcrumbs as they perform various stages of the cyber kill-chain. These breadcrumbs can allow organisations to detect and respond to an incident, flagging suspicious behaviour or access. Comparatively, an insider may be able to continue their attack for years before being caught. Therefore, insider threat activity can be considered co-spatial and co-temporal with legitimate activity; an insider conducts their attack during their work or very soon after leaving their jobs. There are three fundamental approaches to control the risk of malicious insider threats: organisational, technical, and psychological. More recently, insider threat models attempt to encapsulate all these factors into one approach, combining all these into a single framework or model. However, one issue with these models is their static nature; models cannot adapt as insider threat changes. For example, during the COVID-19 Pandemic, many organisations had to support remote working, increasing the risk of attacks. This work attempts to address this flaw of models directly.
Instead of attempting to supplant existing practices in these three domains, this work will support them, providing new techniques for exploring an insider threat attack to better understand the attack through the lens of strategic and tactical decision making. This dynamic, custom insider threat model can be constructed by leveraging natural language processing techniques, a type of machine learning completed on text, and a large corpus (body of documents) of news articles describing insider threat incidents. This model can then be applied to a new, previously unseen corpus of witness reports to offer an overview of the attack. The core technique this work uses is topic modelling, which uses word association to identify key themes across a document, similar to grounded theory approaches. By identifying themes across many different insider threat incidents, the core attributes of insider threat are recognised, such as methodologies, motivations, information about the insider's role in an organisation or the weakness they exploited. These topics can be further enriched by identifying temporal, causal and narrative clues to place events on a graph and create a timeline or causal chain. The final output of this process is a collection of visualisations of the incident; this visualisation then aims to support the investigator as they ask critical questions about an incident, such as "What was the motivation of the insider?" "What assets did they target and how?" "Were there any security controls in place?" "Did they bypass those?" allowing for the full exploration of the attack. Informed organisations can make changes using the answers to these questions combined with existing controls, policies, and procedures. The work presented in this thesis has many implications for both insider threat specifically and the broader domains of sociology and cyber security.
Primarily this work introduces a new approach to incident response, supporting the reflection stage of incident response. While this work represents a proof of concept for NLP to be used in this way, due to the technical nature of this work, it could be improved to produce an implementable and deployable piece of software, generating further impact; while there would be some necessary training required, this could offer a new tool for handling insider threat within an organisation. Aside from this direct impact in the insider threat domain, the methods developed and designed during this work will have a broader impact on cyber security, mainly due to its interdisciplinary nature within social science. With the ability to leverage witness reports or organic narratives and map these automatically to an existing framework, rather than asking a witness to adapt their narrative to a framework directly, reports can then be collected on a large scale and analysed. These techniques provide a holistic view of an attack, considering many aspects of an insider threat attack by using reports already collected after an incident to create a better understanding of insider threat which leads to more techniques in prevention and detection.
- Published
- 2021
49. (Mis)Use of personal technology by employees in financial services organisations
- Author
-
Collis, Raichel, Hicks, David, Henry, Phil, and Hodgson, Philip
- Subjects
personal internet activity ,Smartphone users ,average users ,personal digital activity in the workplace ,risk of malware ,social media ,mobile applications ,routine activity theory ,cyberspace ,cybercrime ,insider threat ,open source intelligence ,OSINT ,SOCMINT ,digital investigation ,unsafe online activity ,digital footprint ,employees ,routine digital activity ,Internet of Things ,IoT ,cyber risk - Abstract
This work presents a single methodology design across three different groups to chart the challenges and potential of digital investigation and to offer an original contribution to researchers seeking purposive samples specific to topical research questions. Open-source online intelligence theorised from an attacker's perspective is underpinned by a novel cyber-orientated framework of routine activity theory (RAT) (Cohen and Felson, 1979) to highlight digital footprint as a vector for targeted social engineering. Seventy-six (N=76) demographically diverse financial services employees from occupations throughout the sector provide empirical data via a mixed methods online survey. Cyber-specific RAT evaluates the 'average user' (with no specialist training) as a potential contributor to human assisted cybercrime threatening corporate networks through use of personal technologies and internet-based activities. Robust discussion debates routine digital activity using smartphones, tablets, and consumer Internet of Things (IoT) devices as an unmitigated factor for workplace risk. Personal internet use, devices accessing corporate networks, self-promotion on social media, physical and virtual IoT, executive personnel practicing 'unsafe' behaviours and assumed device security as licence for unrestricted online activity are key findings of this study, which offers original contributions to critical assessment of insider threat. Despite employee (mis)use of personal technology as a potential vector, financial organisations are seemingly unprepared for small-scale and dynamic risk. Results recommend bespoke training at all levels to associate personal use and online behaviour with known cyber risks and capacity for loss or harm.
Cyber-RAT as a framework to identify suitable targets and potential for guardianship will contribute value added and assist in a more holistic response to cybercrime where the human element complements technological solutions as a positive enhancement to enterprise security.
- Published
- 2021
50. Enhancing Insider Malware Detection Accuracy with Machine Learning Algorithms †.
- Author
-
Kabir, Md. Humayun, Hasnat, Arif, Mahdi, Ahmed Jaser, Hasan, Mohammad Nadib, Chowdhury, Jaber Ahmed, and Fahim, Istiak Mohammad
- Subjects
MACHINE learning ,DIGITAL technology ,RANDOM forest algorithms ,FEATURE extraction ,DECISION trees ,BOOSTING algorithms - Abstract
One of the biggest cybersecurity challenges in recent years has been the risk that insiders pose. Internet consumers are susceptible to exploitation due to the exponential growth of network usage. Malware attacks are a major concern in the digital world. The potential occurrence of this threat necessitates specialized detection techniques and equipment, including the capacity to facilitate the precise and rapid detection of an insider threat. In this research, we propose a machine learning algorithm using a neural network to enhance malware detection accuracy in response to insider threats. A feature extraction, anomaly detection, and classification workflow are also proposed. We use the CERT4.2 dataset and preprocess the data by encoding text strings and differentiating threat and non-threat records. Our developed machine learning model incorporates numerous dense layers, ReLU activation functions, and dropout layers for regularization. The model attempts to detect and classify internal threats in the dataset with precision. We employed random forest, naive Bayes, KNN, SVM, decision tree, logistic regression, and the gradient boosting algorithm to compare our proposed model with other classification techniques. Based on the results of the experiments, the proposed method functions properly and can detect malware more effectively and with 100% accuracy. [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF