Insider Threat Detection Using Artificial Intelligence and Machine Learning

"Learn how artificial intelligence and machine learning techniques are employed to detect insider threats within organizations. Explore the security risks posed by insiders, objectives of insider threat detection, and the role of machine learning algorithms in mitigating risks effectively."

  • Threat Detection
  • AI
  • Machine Learning
  • Security Risks
  • Insider Threats


Presentation Transcript


  1. Detection of Insider Threats using Artificial Intelligence Submitted by: Shilpa Bhandar

  2. Table of Contents: INTRODUCTION, OBJECTIVES, INSIDER THREATS SECURITY RISKS, MACHINE LEARNING, RESULTS, FINDINGS, CONCLUSIONS

  3. INTRODUCTION There are many cybersecurity threats, but insider threats are cited as one of the major security problems. Insider threats, also known as security risks, are mainly created by a current employee, a former employee, or someone connected to the organization. Anyone who can access the organization's inside information, its resources and its confidential data is an insider threat. Artificial Intelligence techniques such as Neural Networks, Deep Learning and Machine Learning can detect security threats. The Convolutional Neural Network (CNN) algorithm was applied via the Google TensorFlow software. Steps: (a) collecting, processing, and classifying the data of the users tested; (b) the visualisation of collected data; (c) the categorization of malicious or regular behaviour.

  4. OBJECTIVES This is an age of the internet and technology. Insiders have knowledge about everything inside the organization, so internal attacks are more dangerous than external attacks. Data integrity and confidentiality are extremely important for the organization to succeed. Loss of any confidential data leads to a security breach. The goal is to detect insider threats by using different machine learning techniques such as data mining, support vector machines, artificial immune systems and artificial neural networks. An insider threat detection and prediction algorithm (IDPA) should be created to reduce both false positives and false negatives.

  5. INSIDER THREATS SECURITY RISKS An insider who is maliciously hacking data is a turncloak. A pawn is just a regular employee, a do-gooder who makes an error or somehow contributes to data loss or to a vulnerability that is exploited by a bad actor. Risks: loss of company reputation; preventing the systems from functioning properly; installation of malware for their own purposes; theft or sale of business trade secrets or intellectual property (IP).

  6. MACHINE LEARNING No need for human interaction (automation). Machine learning algorithms are still mostly used. Machine learning-based methods are necessary for insider threat identification. Both supervised and unsupervised algorithms can be used for detecting insider threats. CNN is a supervised algorithm. The apparent benefit of supervised learning methods is that they are able to produce classifiers with far higher accuracy than unsupervised learning / anomaly detection algorithms.

  7. RESULTS The Convolutional Neural Network (CNN) algorithm works better than other algorithms. It focuses only on the actions of each IT device user. CNN helps to identify automatically which subset of users appear to display malicious activity and which are genuine / harmless ones. The CNN technique was applied through the Google TensorFlow software for the execution of the experimental phase. Google TensorFlow was trained to recognise possible threats from images generated from the provided data. Two steps are critical for the system's performance: the input data and the method of processing. Translating log events into a graphic representation is the most suitable process. CNNs were used to analyse encrypted content from simple security concerns, which implemented a CNN-based generic detection engine.

  8. FINDINGS (Gheyas & Abdallah, 2016) This article mentions two types of best algorithms: detection and evaluation of threats using fuzzy logic, and graph-based threat detection approaches. (Igbe & Saadawi, 2018) The insider threat detection system is based on numerous NSAs (Negative Selection Algorithms) combined as an ensemble model, also known as an AIS (Artificial Immune System) based algorithm. This algorithm provides feasible and intuitive solutions to these malicious threat problems. (Mayhew, Atighetchi, Adler & Greenstadt, 2015) This article's concepts are based on supervised machine learning, where SVM classifiers anticipate whether document provenance, text segments, HTTP requests and network flows are doubtful or not, and on unsupervised machine learning using the K-means++ clustering algorithm for controlling stability. BBAC helps in determining accuracy, scalability and precision by calculating TP (True Positive) and FP (False Positive).

  9. CONCLUSION Insider threats are a more serious security issue than outsider or any other threats, and it is critical to find the Artificial Intelligence algorithm to mitigate this threat. The definition of a user's actions as malicious often relies on the security policies implemented by the business or agency to safeguard its information system. The aim of this research was to study the viability of using machine learning approaches, by transforming activity reports into a visual representation, to identify suspicious attacks. Three phases: (a) the compilation, encoding and classification of the users' data under consideration; (b) the simulation of the collected data; and (c) the use of the CNN model to identify malicious or regular behaviour.
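
Slides 7 and 9 describe translating log events into a graphic representation before a CNN classifies it. The sketch below is an added example, not code from the presentation: it assumes a hypothetical CSV log format and event vocabulary, and encodes each user's activity as a 24-row (hour of day) by 6-column (event type) grayscale grid.

```python
from collections import Counter
from datetime import datetime

# Assumed event vocabulary (hypothetical; the slides do not list event types).
EVENT_TYPES = ["logon", "logoff", "file_copy", "usb_connect", "email_sent", "http_request"]

# Constructed sample log (timestamp,user,event); the last row is deliberately malformed.
SAMPLE_LOG = """\
2024-03-04T09:02:11,alice,logon
2024-03-04T09:15:40,alice,http_request
2024-03-04T09:47:03,alice,http_request
2024-03-04T17:31:55,alice,logoff
2024-03-05T02:11:08,bob,logon
2024-03-05T02:12:30,bob,usb_connect
2024-03-05T02:13:01,bob,file_copy
2024-03-05T02:13:44,bob,file_copy
2024-03-05T02:14:20,bob,file_copy
2024-03-05T02:15:02,bob,file_copy
2024-03-05T03:01:12,bob,file_copy
2024-03-05T03:02:47,bob,file_copy
not-a-timestamp,bob,file_copy
"""

def parse_events(text):
    """Yield (timestamp, user, event_type), skipping malformed or unknown rows."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3 or parts[2] not in EVENT_TYPES:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2]

def user_image(text, user):
    """Return a 24 x len(EVENT_TYPES) grid of 0-255 pixel intensities for one user."""
    counts = Counter((ts.hour, ev) for ts, u, ev in parse_events(text) if u == user)
    peak = max(counts.values(), default=0)  # per-user normalisation; 0 means no events
    return [[round(255 * counts[(h, ev)] / peak) if peak else 0
             for ev in EVENT_TYPES] for h in range(24)]

def to_pgm(grid):
    """Serialise the grid as a plain-text PGM (P2) grayscale image."""
    rows = [" ".join(str(v) for v in row) for row in grid]
    return f"P2\n{len(grid[0])} {len(grid)}\n255\n" + "\n".join(rows) + "\n"

if __name__ == "__main__":
    print(to_pgm(user_image(SAMPLE_LOG, "bob")))
```

Because each grid is scaled to the user's own peak, the image captures the shape of activity (for example, a bright file-copy cell at 02:00) rather than its absolute volume; a classifier that needs volume would require a fixed scale across users.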
