research-article

Benchmarking evolutionary computation approaches to insider threat detection

Authors:

A. Nur Zincir-Heywood,

Malcolm I. HeywoodAuthors Info & Claims

GECCO '18: Proceedings of the Genetic and Evolutionary Computation Conference

Pages 1286 - 1293

https://doi.org/10.1145/3205455.3205612

Published: 02 July 2018 Publication History

Abstract

Insider threat detection represents a challenging problem to companies and organizations where malicious actions are performed by authorized users. This is a highly skewed data problem, where the huge class imbalance makes the adaptation of learning algorithms to the real world context very difficult. In this work, applications of genetic programming (GP) and stream active learning are evaluated for insider threat detection. Linear GP with lexicase/multi-objective selection is employed to address the problem under a stationary data assumption. Moreover, streaming GP is employed to address the problem under a non-stationary data assumption. Experiments conducted on a publicly available corporate data set show the capability of the approaches in dealing with extreme class imbalance, stream learning and adaptation to the real world context.

References

[1]

M. Barreno, B. Nelson, A. D. Joseph, and J. D. Tygar. 2010. The security of machine learning. Machine Learning 81, 2 (2010), 121--148.

Digital Library

[2]

A. Bifet, G. Holmes, R. Kirkby, and B. Pfahringer. 2010. MOA: Massive Online Analysis. Journal of Machine Learning Research 11 (2010), 1601--1604.

Digital Library

[3]

M. F. Brameier and W. Banzhaf. 2007. Linear Genetic Programming. Springer US.

Digital Library

[4]

J. Demsar. 2006. Statistical Comparisons of Classifiers over Multiple Data Sets. Journal of Machine Learning Research 7 (2006), 1--30.

Digital Library

[5]

W. Eberle, L. Holder, and D. Cook. 2009. Identifying Threats Using Graph4)ased Anomaly Detection. In Machine Learning in Cyber Trust. Springer, 73--108.

[6]

F. Eibe, M. A. Hall, and I. H. Witten. 2017. The WEKA Workbench. In Data mining: practical machine learning tools and techniques (4 ed.). Morgan Kaufmann.

[7]

J. Gama. 2012. A survey on learning from data streams: current and future trends. Progress in AI 1, 1 (2012), 45--55.

[8]

J. Glasser and B. Lindauer. 2013. Bridging the Gap: A Pragmatic Approach to Generating Insider Threat Data. In IEEE Symposium on Security and Privacy Workshops. 98--104.

Digital Library

[9]

F. Haddadi and A. N. Zincir-Heywood. 2015. A Closer Look at the HTTP and P2P Based Botnets from a Detector's Perspective. In Foundations and Practice of Security - 8th International Symposium (FPS 2015). Clermont-Ferrand, France, 212--228.

[10]

T. Helmuth, L. Spector, and J. Matheson. 2015. Solving Uncompromising Problems With Lexicase Selection. IEEE Transactions on Evolutionary Computation 19, 5 (2015), 630--643.

Digital Library

[11]

M. I. Heywood. 2015. Evolutionary model building under streaming data for classification tasks: opportunities and challenges. Genetic Programming and Evolvable Machines 16, 3 (2015), 283--326.

Digital Library

[12]

G. Hulten, L. Spencer, and P. M. Domingos. 2001. Mining time-changing data streams. In ACM SIGKDD International Conference on Knowledge discovery and data mining. 97--106.

Digital Library

[13]

S. Khanchi, M. I. Heywood, and A. N. Zincir-Heywood. 2016. On the Impact of Class Imbalance in GP Streaming Classification with Label Budgets. In European Genetic Programming Conference. 35--50.

[14]

S. Khanchi, M. I. Heywood, and A. N. Zincir-Heywood. 2017. Properties of a GP active learning framework for streaming data with class imbalance. In ACM Genetic and Evolutionary Computation Conference. 945--952.

Digital Library

[15]

K. Krawiec and M. I. Heywood. 2017. Solving Complex Problems with Coevolutionary Algorithms. In ACM Genetic and Evolutionary Computation Conference (Companion). 782--806.

Digital Library

[16]

P. Lichodzijewski and M. I. Heywood. 2008. Managing team-based problem solving with symbiotic bid-based genetic programming. In ACM Genetic and Evolutionary Computation Conference. 363--370.

Digital Library

[17]

P. Parveen, J. Evans, B. M. Thuraisingham, K. W. Hamlen, and L. Khan. 2011. Insider Threat Detection Using Stream Mining and Graph Mining. In IEEE Third International Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third International Conference on Social Computing. 1102--1110.

[18]

P. Parveen and B. M. Thuraisingham. 2012. Unsupervised incremental sequence learning for insider threat detection. In IEEE International Conference on Intelligence and Security Informatics. 141--143.

[19]

T. Rashid, I. Agrafiotis, and J. R. C. Nurse. 2016. A New Take on Detecting Insider Threats: Exploring the Use of Hidden Markov Models. In ACM CCS International Workshop on Managing Insider Security Threats. 47--56.

Digital Library

[20]

S. Ren, Y. Lian, and X. Zou. 2014. Incremental Naïve Bayesian Learning Algorithm based on Classification Contribution Degree. Journal of Computers 9, 8 (2014), 1967--1974.

[21]

T. E. Senator, H. G. Goldberg, A. Memory, W. T. Young, B. Rees, R. Pierce, D. Huang, M. Reardon, D. A. Bader, E. Chow, I. A. Essa, J. Jones, V. Bettadapura, D. H. Chau, O. Green, O. Kaya, A. Zakrzewska, E. Briscoe, R. L. Mappus IV, R. McColl, L. Weiss, T. G. Dietterich, A. Fern, W.-K. Wong, S. Das, A. Emmott, J. Irvine, J. Yoon Lee, D. Koutra, C. Faloutsos, D. D. Corkill, L. Friedland, A. Gentzel, and D. D. Jensen. 2013. Detecting insider threats in a real corporate database of computer usage activity. In ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. 1393--1401.

Digital Library

[22]

W. T. Strayer, D. E. Lapsley, R. Walsh, and C. Livadas. 2008. Botnet Detection Based on Network Behavior. In Botnet Detection: Countering the Largest Security Threat. 1--24.

[23]

A. Tuor, S. Kaplan, B. Hutchinson, N. Nichols, and S. Robinson. 2017. Deep Learning for Unsupervised Insider Threat Detection in Structured Cybersecurity Data Streams. In Proceedings of the AAAI-17 Workshop on Artificial Intelligence for Cyber Security. 224--231.

[24]

A. Vahdat, J. Morgan, A. R. McIntyre, M. I. Heywood, and A. N. Zincir-Heywood. 2015. Evolving GP Classifiers for Streaming Data Tasks with Concept Change and Label Budgets: A Benchmarking Study. In Handbook of Genetic Programming Applications. 451--480.

[25]

Q. Wang, W. Guo, K. Zhang, A. G. Ororbia II, X. Xing, Liu X, and C. L. Giles. 2017. Adversary Resistant Deep Neural Networks with an Application to Malware Detection. In ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. 1145--1153.

Digital Library

[26]

X. Wu, V. Kumar, J. Ross Quinlan, J. Ghosh, Q. Yang, H. Motoda, G. J. McLachlan, A. F. M. Ng, B. Liu, P. S. Yu, Z.-H. Zhou, M. Steinbach, D. J. Hand, and D. Steinberg. 2008. Top 10 algorithms in data mining. Knowledge Information Systems 14, 1 (2008), 1--37.

Digital Library

[27]

I. Zliobaite, A. Bifet, B. Pfahringer, and G. Holmes. 2014. Active Learning With Drifting Streaming Data. IEEE Transactions on Neural Networks Learning Systems 25, 1 (2014), 27--39.

Cited By

Pei WXue BZhang MShang LYao XZhang Q(2024)A Survey on Unbalanced Classification: How Can Evolutionary Computation Help?IEEE Transactions on Evolutionary Computation10.1109/TEVC.2023.325723028:2(353-373)Online publication date: Apr-2024
https://doi.org/10.1109/TEVC.2023.3257230
Wu BYuan XWang SLi QXue MPan S(2024)Securing Graph Neural Networks in MLaaS: A Comprehensive Realization of Query-based Integrity Verification2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00110(2534-2552)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00110
Abdallah HAbd-Elkader HMohamed KAbd-Elmoniem MEl-Assal NMohamed SSaid SSalem S(2024)Performance Evaluation Framework for Insider Threat Detection Using Machine Learning2024 Intelligent Methods, Systems, and Applications (IMSA)10.1109/IMSA61967.2024.10652829(1-6)Online publication date: 13-Jul-2024
https://doi.org/10.1109/IMSA61967.2024.10652829
Show More Cited By

Index Terms

Benchmarking evolutionary computation approaches to insider threat detection
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
2. Theory of computation
  1. Design and analysis of algorithms
    1. Mathematical optimization
      1. Non-parametric optimization
        Genetic programming
    2. Online algorithms
      1. Online learning algorithms

Recommendations

Few-shot Insider Threat Detection
CIKM '20: Proceedings of the 29th ACM International Conference on Information & Knowledge Management

Insiders cause significant cyber-security threats to organizations. Due to a very limited number of insiders, most of the current studies adopt unsupervised learning approaches to detect insiders by analyzing the audit data that record information about ...
Classification of Insider Threat Detection Techniques
CISRC '16: Proceedings of the 11th Annual Cyber and Information Security Research Conference

Most insider attacks done by people who have the knowledge and technical know-how of launching such attacks. This topic has long been studied and many detection techniques were proposed to deal with insider threats. This short paper summarized and ...
Multi-Domain Information Fusion for Insider Threat Detection
SPW '13: Proceedings of the 2013 IEEE Security and Privacy Workshops

Malicious insiders pose significant threats to information security, and yet the capability of detecting malicious insiders is very limited. Insider threat detection is known to be a difficult problem, presenting many research challenges. In this paper ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

GECCO '18: Proceedings of the Genetic and Evolutionary Computation Conference

July 2018

1578 pages

ISBN:9781450356183

DOI:10.1145/3205455

Editor:
Hernan Aguirre
Shinshu University
,
General Chair:
Keiki Takadama
The University of Electro-Communications

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGEVO: ACM Special Interest Group on Genetic and Evolutionary Computation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 July 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

GECCO '18

Sponsor:

SIGEVO

GECCO '18: Genetic and Evolutionary Computation Conference

July 15 - 19, 2018

Kyoto, Japan

Acceptance Rates

Overall Acceptance Rate 1,669 of 4,410 submissions, 38%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

20
Total Citations
View Citations
455
Total Downloads

Downloads (Last 12 months)33
Downloads (Last 6 weeks)4

Reflects downloads up to 24 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Pei WXue BZhang MShang LYao XZhang Q(2024)A Survey on Unbalanced Classification: How Can Evolutionary Computation Help?IEEE Transactions on Evolutionary Computation10.1109/TEVC.2023.325723028:2(353-373)Online publication date: Apr-2024
https://doi.org/10.1109/TEVC.2023.3257230
Wu BYuan XWang SLi QXue MPan S(2024)Securing Graph Neural Networks in MLaaS: A Comprehensive Realization of Query-based Integrity Verification2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00110(2534-2552)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00110
Abdallah HAbd-Elkader HMohamed KAbd-Elmoniem MEl-Assal NMohamed SSaid SSalem S(2024)Performance Evaluation Framework for Insider Threat Detection Using Machine Learning2024 Intelligent Methods, Systems, and Applications (IMSA)10.1109/IMSA61967.2024.10652829(1-6)Online publication date: 13-Jul-2024
https://doi.org/10.1109/IMSA61967.2024.10652829
Rao TDarapaneni NPaduri AS AKumar APs G(2023)Insider Threat Detection: Using Classification ModelsProceedings of the 2023 Fifteenth International Conference on Contemporary Computing10.1145/3607947.3608009(307-312)Online publication date: 3-Aug-2023
https://dl.acm.org/doi/10.1145/3607947.3608009
Singh SChattopadhyay P(2023)Hierarchical Classification Using Ensemble of Feed-Forward Networks for Insider Threat Detection from Activity Logs2023 IEEE 20th India Council International Conference (INDICON)10.1109/INDICON59947.2023.10440886(782-787)Online publication date: 14-Dec-2023
https://doi.org/10.1109/INDICON59947.2023.10440886
Randive KMohan RSivakrishna A(2023)An efficient pattern-based approach for insider threat classification using the image-based feature representationJournal of Information Security and Applications10.1016/j.jisa.2023.10343473:COnline publication date: 1-Mar-2023
https://dl.acm.org/doi/10.1016/j.jisa.2023.103434
Singh MMehtre BSangeetha S(2022)User behavior based Insider Threat Detection using a Multi Fuzzy ClassifierMultimedia Tools and Applications10.1007/s11042-022-12173-y81:16(22953-22983)Online publication date: 1-Jul-2022
https://dl.acm.org/doi/10.1007/s11042-022-12173-y
Alsowail R(2022)An Insider Threat Detection Model Using One-Hot Encoding and Near-Miss Under-Sampling TechniquesProceedings of International Joint Conference on Advances in Computational Intelligence10.1007/978-981-19-0332-8_13(183-196)Online publication date: 19-May-2022
https://doi.org/10.1007/978-981-19-0332-8_13
Al-Shehari TAlsowail R(2021)An Insider Data Leakage Detection Using One-Hot Encoding, Synthetic Minority Oversampling and Machine Learning TechniquesEntropy10.3390/e2310125823:10(1258)Online publication date: 27-Sep-2021
https://doi.org/10.3390/e23101258
Le DZincir-Heywood N(2021)Anomaly Detection for Insider Threats Using Unsupervised EnsemblesIEEE Transactions on Network and Service Management10.1109/TNSM.2021.307192818:2(1152-1164)Online publication date: Jun-2021
https://doi.org/10.1109/TNSM.2021.3071928
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents