
Research Article
CapsITD: Malicious Insider Threat Detection Based on Capsule Neural Network
@INPROCEEDINGS{10.1007/978-3-031-25538-0_4,
  author={Haitao Xiao and Chen Zhang and Song Liu and Bo Jiang and Zhigang Lu and Fei Wang and Yuling Liu},
  title={CapsITD: Malicious Insider Threat Detection Based on Capsule Neural Network},
  proceedings={Security and Privacy in Communication Networks. 18th EAI International Conference, SecureComm 2022, Virtual Event, October 2022, Proceedings},
  proceedings_a={SECURECOMM},
  year={2023},
  month={2},
  keywords={Insider threat detection, Capsule neural network, Graph embedding},
  doi={10.1007/978-3-031-25538-0_4}
}
- Haitao Xiao
- Chen Zhang
- Song Liu
- Bo Jiang
- Zhigang Lu
- Fei Wang
- Yuling Liu
Year: 2023
SECURECOMM
Springer
DOI: 10.1007/978-3-031-25538-0_4
Abstract
Insider threat has emerged as the most destructive security threat due to its secrecy and great destructiveness to core assets. Detecting malicious insiders is very important for protecting the security of enterprises and organizations. Existing detection methods seldom consider correlative information between users and cannot learn the extracted features effectively. To address these issues, we present CapsITD, a novel user-level insider threat detection method. CapsITD constructs a homogeneous graph that contains the correlative information from users’ authentication logs and then employs a graph embedding technique to embed the graph into low-dimensional vectors as structural features. We also design an anomaly detection model using a capsule neural network for CapsITD to learn the extracted features and identify malicious insiders. Comprehensive experimental results on the CERT dataset clearly demonstrate CapsITD’s effectiveness.