An Ensemble-based Insider threat detection System for Stream Data
Authors: AJAYI Adebowale
Publication Type: Journal article
Journal: International Journal of Advances in Engineering and Management (IJAEM)
Abstract
Early detection of insider threats remains an active research area in information security, because of the large volumes of networked data involved and because breach data points closely resemble legitimate network activity. Treating network data as stream data allows stream analytics to be applied, which is an effective way to handle the velocity and volume of data found on most networks today. This study adopted stream data methodologies for characterizing insider threat data, since it is almost impossible to handle every feature of network data: the data is too large to store in full, and the rate at which data points arrive makes it impossible to analyze all features at once. More importantly, since attackers continually try to mimic legitimate actions, every new data point must be treated with a methodology that accommodates concept drift. This study presents an algorithm for quantized dictionary construction that yields a compressed and concise reference for user command sequences while taking into account the feature evolution and concept drift characteristics of stream data. The study recommends the application of stream analytics for tackling the insider threat menace.