Deep Learning for Insider Threat Detection

Insiders are malicious people within organizations who abuse their authorized access in a manner that compromises the confidentiality, integrity, or availability of information systems. Attacks from insiders are hard to detect and can cause significant loss to organizations. While the problem of insider threat detection has been studied for a long time, the traditional machine learning-based detection approaches, which heavily rely on feature engineering, are hard to accurately capture the behavior difference between insiders and normal users due to the dynamic and adaptive nature of insider threats. This project aims to develop novel deep learning approaches to achieve insider threat detection from complex user behavior data.


People

  • Shuhan Yuan
  • Xiao Han
  • He Cheng

Publications

  • Shuhan Yuan and Xintao Wu. “Deep Learning for Insider Threat Detection: Review, Challenges and Opportunities”. Computer & Security, 2021. [link] [arxiv]

  • Haixuan Guo, Shuhan Yuan and Xintao Wu. “LogBERT: Log Anomaly Detection via BERT”. In the Proceedings of the International Conference on Neural Networks (IJCNN), 2021. [arxiv] [code]


Acknowledgements

This material is based upon work supported by National Science Foundation under 2103829. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.