A Theory-Based Deep Learning Approach for Insider Threat Detection and Classification

Publisher

International Journal of Computer Applications Technology and Research

Abstract

Insider threats are a substantial concern for organizational security, often leading to grave financial and reputational damage. Classical insider threat detection methods rely on predefined rules and signatures and struggle to keep pace with the sophisticated and evolving nature of these attacks, which leads to dismal performance. This research introduces a deep learning-based approach for insider threat detection, leveraging user network behavior as the primary data source. Our technology detects deviations in user network activity that might indicate harmful insider activities. We use a Gated Recurrent Unit (GRU) network that captures the temporal and spatial characteristics of user behavior. The proposed model is validated using the synthetic CERT r4.2 dataset and exhibits higher detection rates based on accuracy, recall, precision, and F-measure. Additionally, the Social Bond Theory (SBT) and the Situational Crime Prevention Theory (SCPT) are used to elaborate effective ways to control insider threats. This study also presents solutions for the dataset imbalance and high dimensionality that keep common insider threat datasets from giving accurate predictions during model training and validation. Our findings show that deep learning and data preprocessing approaches can considerably improve the ability to detect insider threats, giving organizations a reliable defense mechanism against them.

Keywords

Threat Detection, Theory-Based, Information Security, Deep Learning, Gated Recurrent Unit, Network Behavior

Citation

Wanyonyi, Everleen and Masinde, Newton and Abeka, Silvance, A Theory-Based Deep Learning Approach for Insider Threat Detection and Classification (November 25, 2024). Available at SSRN: https://ssrn.com/abstract=5319130 or http://dx.doi.org/10.2139/ssrn.5319130
