Outlier Detection in Random Subspaces over Data Streams: An Approach for Insider Threat Detection

Haidar, Diana and Gaber, Mohamed Medhat (2016) Outlier Detection in Random Subspaces over Data Streams: An Approach for Insider Threat Detection. In: BCS SGAI Workshop on Data Stream Mining Techniques and Applications, 13th December, Cambridge.


Abstract

Insider threat detection is an emergent concern for industries and governments due to the growing number of attacks in recent years. Several Machine Learning (ML) approaches have been developed to detect insider threats; however, they still suffer from a high number of false alarms. None of those approaches addressed the insider threat problem from the perspective of stream mining data, where a concept drift or an outlier is an indication of an insider threat. An outlier refers to anomalous behaviour that deviates from the normal baseline of the community's behaviour and is the focus of this paper. To address the shortcomings of existing approaches and realise a novel solution to the problem, we present the RandSubOut (Random Subspace Outliers) approach for insider threat detection over real-time data streaming. RandSubOut allows the detection of insider threats represented as localised outliers in random feature subspaces, which would not be detected over the whole feature space due to dimensionality. We evaluated the presented approach as an ensemble of established distance-based outlier detection methods, namely Micro-cluster-based Continuous Outlier Detection (MCOD) and Anytime OUTlier detection (AnyOut), according to evaluation measures including True Positive (TP) and False Positive (FP).

Item Type: Conference or Workshop Item (Paper)
Subjects: G400 Computer Science
Divisions: Faculty of Computing, Engineering and the Built Environment
Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology
Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology > Enterprise Systems
UoA Collections > UoA11: Computer Science and Informatics
Depositing User: Ian McDonald
Date Deposited: 11 Jan 2017 14:23
Last Modified: 11 Jan 2017 14:28
URI: http://www.open-access.bcu.ac.uk/id/eprint/3802
