Outlier Detection in Random Subspaces over Data Streams: An Approach for Insider Threat Detection

Haidar, Diana and Gaber, Mohamed Medhat (2017) Outlier Detection in Random Subspaces over Data Streams: An Approach for Insider Threat Detection. The Specialist Group on Artificial Intelligence Expert Update, 17 (2). ISSN 1465 4091

dsm_dianahaidar.pdf - Accepted Version

Abstract

Insider threat detection is an emergent concern for industries and governments due to the growing number of attacks in recent years. Several Machine Learning (ML) approaches have been developed to detect insider threats; however, they still suffer from a high number of false alarms. None of those approaches addressed the insider threat problem from the perspective of stream mining data where a concept drift or an outlier is an indication of an insider threat. An outlier refers to anomalous behaviour that deviates from the normal baseline of the community's behaviour and is the focus of this paper. To address the shortcoming of existing approaches and realise a novel solution to the problem, we present the RandSubOut (Random Subspace Outliers) approach for insider threat detection over real-time data streaming. RandSubOut allows the detection of insider threats represented as localised outliers in random feature subspaces, which would not be detected over the whole feature space, due to dimensionality. We evaluated the presented approach as an ensemble of established distance-based outlier detection methods, namely, Micro-cluster-based Continuous Outlier Detection (MCOD) and Anytime OUTlier detection (AnyOut), according to evaluation measures including True Positive (TP) and False Positive (FP).

Item Type: Article
Dates: Accepted October 2016; Published 2017
Subjects: CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science
Divisions: Faculty of Computing, Engineering and the Built Environment
Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology
Depositing User: Ian Mcdonald
Date Deposited: 11 Jan 2017 14:23
Last Modified: 22 Mar 2023 12:01
URI: https://www.open-access.bcu.ac.uk/id/eprint/3802
