AUTH: An Adversarial Autoencoder Based Unsupervised Insider Threat Detection Scheme for Multisource Logs

Bibliographic Details
Published in: IEEE transactions on industrial informatics 2024-09, Vol.20 (9), p.10954-10965
Main Authors: Zhu, Xingjian, Dong, Jiankuo, Qi, Jin, Zhou, Zhenguo, Dong, Zhenjiang, Sun, Yanfei, Wang, Moyu
Format: Article
Language: English
Description
Summary: Deep learning has shown broad research prospects in addressing insider threats, a serious problem currently facing industrial information systems. Although deep learning is able to capture effective feature representations from complex multidimensional data, there are still issues, such as the strong stealth of insider threat behavior and imbalanced data, that need to be solved. Therefore, we propose an adversarial Autoencoder based Unsupervised insider Threat detection scHeme (AUTH). Compared to other methods, AUTH fully considers the role of time features and event features in threat detection. In addition, in order to improve the performance of autoencoder models in detecting covert threat behaviors, AUTH drives a temporal convolutional network and long short-term memory network-based Adversarial Autoencoder (TL-AAE). Generative Adversarial Theory is introduced to solve the problem of uncertainty in the latent feature of the encoder. Finally, with sufficient experiments on public datasets, we demonstrate the usefulness of adding time features and the proposed TL-AAE model to improve threat detection performance. Compared with the baseline, AUTH obtains an area under curve value of 0.932, which is 4.95% higher than the highest result obtained by the baseline. In addition, AUTH obtains an EER value of 0.146, which is 12.57% lower than the lowest result of the baseline.
ISSN: 1551-3203, 1941-0050
DOI: 10.1109/TII.2024.3393491