Behavioral based threat detection

Download 12
File Size 568.40 KB
File Count 1
Create Date 03/04/2025
Last Updated 03/04/2025

Download

Description

Behavioral based threat detection

1Nitha N, 2Rahana, 3Rizwan M, 4Sajitha A S

1Student, 2Student, 3Student, 4Assistant professor(CSE)

Computer Science and Engineering Department,

Nehru College of Engineering and Research Centre (NCERC), Thrissur, India

***

Abstract - Insider threats pose a significant risk to organizations as they exploit legitimate access to bypass traditional security measures, making them harder to detect than external attacks. This study addresses the challenge by utilizing deep learning to analyze user behavior and identify malicious activities through a carefully selected set of event- based features. By training on the CMU CERT r4.2 dataset, the proposed model effectively learns patterns of adversarial behavior, reducing false positives while maintaining high detection accuracy. The paper presents a deep learning-based approach for insider threat detection, emphasizing behavioral analysis to distinguish between normal and malicious user activities. By leveraging a rich event-based feature set, including logon/logoff events, user roles, and functional units, the model is trained on the CMU CERT r4.2 dataset to identify adversarial behavior with high accuracy and a low false positive rate. The proposed method outperforms several established techniques, including LSTM-CNN, random forest, LSTMRNN, one-class SVM, Markov chain models, multi-state LSTM-CNN, and GRU-Skipgram. Experimental results demonstrate the effectiveness of this approach, achieving 90.60% accuracy, 97% precision, and a 94% F1- score, making it a promising solution for mitigating insider threats in organizations.

Key Words:Insider threats, Legitimate access, Bypass

security measures, Detection, Deep learning-based approach, User behavior analysis, Event-based features, Logon/logoff events, User roles, Functional units, CMU CERT r4.2 dataset, Adversarial behavior, False positives, LSTM-CNN, Random forest, LSTM-RNN, One-class SVM, Markov chain models, Multi-state LSTM-CNN, GRU-skipgram, Accuracy(90.60%), Precision(97%), F1score(94%), Cybersecurity defenses.

Previous

Federated Learning for Edge Intelligence

Next

A Study on the Role of Carbon Offsetting in Sustainable Supply Chains Encouraging Low-Carbon Footprint Practices

What is DOI

DOI:

A DOI will help Author(s) easily locate a document from your citation. Think of it like a Social Security number for the article you're citing — it will always refer to that article, and only that one. While a web address (URL) might change, the DOI will never change.

Where can i find DOI:

In IJSREM journal articles, the DOI will be printed with the article itself, usually on the footer of the page
If the DOI isn't included in the article, look it up on the website CrossRef.org (use the "Search Metadata" option) to check for an assigned DOI.

Benefits:

Allows for a quick and precise search.
Article can always be located.
Persistent link to its location on the Internet.
Easier identification of published articles even if the metadata URL is changed.
Aid in citation tracking, ensuring a researcher has accurate metrics on how and where their research outputs are being used or referenced.

Site Map

Terms and Conditions

Copyright Infragmentation

Publication Ethics

Editorial Board

Processing Fee's

Call for Papers

Publication Procedure

Research Topics

Frequently Asked Questions

What type of papers does International Journal of Scientific Research in Engineering and Management (IJSREM) publish?

Research Paper, Survey Paper, Informative Article, Case Studies, Review Papers, Comparative Studies

How long does it take for an accepted paper to be actually published?

Approximate will inform within 24 hours via email and sms.

What is the procedure to submit my paper?

Please Submit your Research Paper here Submit Research Paper Online - IJSREM

What is a Paper ID?

Paper ID is an Unique Identification Code provided to your submitted Manuscript. You should always mention the Paper ID during any communication with us.

How long my published paper will stay online?

Lifetime.

May I submit more than one article?

We will accept multiple submissions across multiple communities, as long as the author joins each community.

Why IJSREM?

IJSREM is one of the world's leading and fastest-growing research publications with the paramount objective of discovering advances by publishing insightful, double-blind, peer-reviewed scientific journals.

Publication Time Period

The Submitted Article/Paper will accept within 12-24 Hours, and it can publish within 24 Hours

Publication Procedure

Manuscript Submission - Check Manuscript Plagiarism - Send for Editorial Review - Final Decission to Author - Payment of Publication Fee - Re-screening - Final Publication

Processing Fee's

For Management, Hosting & Office Expenditure IJSREM Journal may charge some amount to publish the paper.

To Publish a Paper ₹: 800/- INR (without DOI)

₹:1000/- INR (with DOI)

To the extent possible under, Indospace Publications has waived all copyright and related or neighboring rights to Journal. This work is published from India.

Disclaimar Privacy Policy Terms and Conditions

Copyright © 2023. All Rights Reserved