Title :
Unsupervised incremental sequence learning for insider threat detection
Author :
Parveen, Pallabi ; Thuraisingham, Bhavani
Author_Institution :
Dept. of Comput. Sci., Univ. of Texas at Dallas, Dallas, TX, USA
Abstract :
Insider threat detection requires the identification of rare anomalies in contexts where evolving behaviors tend to mask such anomalies. This paper proposes and tests an incremental learning algorithm based on unsupervised learning that addresses this challenge by maintaining repetitive sequences in a compressed dictionary to identify anomaly over dynamic data streams of unbounded length. For unsupervised learning, compression-based techniques are used to model normal behavior sequences. The result is a classifier that exhibits substantially increased classification accuracy for insider threat streams relative to traditional static learning approaches and effectiveness over supervised learning approaches.
Keywords :
security of data; unsupervised learning; anomaly identification; compression based techniques; dynamic data streams; incremental learning algorithm; insider threat detection; supervised learning; unbounded length; unsupervised incremental sequence learning; Data mining; Dictionaries; Educational institutions; Supervised learning; Training; Training data; Unsupervised learning; Increment Learning; Insider threat Detection; Unsupervised Learning;
Conference_Titel :
Intelligence and Security Informatics (ISI), 2012 IEEE International Conference on
Conference_Location :
Arlington, VA
Print_ISBN :
978-1-4673-2105-1
DOI :
10.1109/ISI.2012.6284271
