ABSTRACT
In real-world applications, variation in deployment environments, such as changes in data collection techniques, can affect the effectiveness and/or efficiency of machine learning (ML) systems. In this work, we investigate techniques to allow a previously trained population of Linear Genetic Programming (LGP) insider threat detectors to adapt to an expanded feature space. Experiments show that appropriate methods can be adopted to enable LGP to incorporate the new data efficiently, hence reducing computation requirements and expediting deployment under the new conditions.
Index Terms
- Benchmarking genetic programming in dynamic insider threat detection