
dc.contributor.author: Le, Duc
dc.date.accessioned: 2021-08-25T17:26:15Z
dc.date.available: 2021-08-25T17:26:15Z
dc.date.issued: 2021-08-25T17:26:15Z
dc.identifier.uri: http://hdl.handle.net/10222/80731
dc.description.abstract: Insider threat represents a major cyber-security challenge to companies, organizations, and government agencies. Harmful actions in insider threats are performed by authorized users in organizations. Because an insider is authorized to access the organization's computer systems and has knowledge about the organization's security procedures, detecting insider threats is challenging. Many other challenges exist in this detection problem, including unbalanced data, limited ground truth, and possible user behaviour changes. This research proposes a comprehensive machine learning-based framework for insider threat detection, from data pre-processing, a combination of supervised and unsupervised learning, to deep analysis and meaningful result reporting. For the data pre-processing step, the framework introduces a data extraction approach allowing extraction of numerical feature vectors representing user activities from heterogeneous data, with different data granularity levels and temporal data representations, and enabling applications of machine learning. In the initial detection step of the framework, assuming no available ground truth, unsupervised learning methods with different working principles and unsupervised ensembles are explored for anomaly detection to identify anomalous user behaviours that may indicate insider threats. Furthermore, the framework employs supervised and semi-supervised machine learning under limited ground truth availability and real-world conditions to maximize the effectiveness of limited training data and detect insider threats with high precision. Throughout the thesis, realistic evaluation and comprehensive result reporting are performed to facilitate understanding of the framework's performance under real-world conditions. Evaluation results on publicly available datasets show the effectiveness of the proposed approach. High insider threat detection rates are achieved at very low false positive rates. The robustness of the detection models is also demonstrated, and comparisons with the state-of-the-art confirm the advantages of the approach. (en_US)
dc.language.iso: en (en_US)
dc.subject: machine learning (en_US)
dc.subject: insider threat (en_US)
dc.subject: anomaly detection (en_US)
dc.title: Machine Learning based Framework for User-Centered Insider Threat Detection (en_US)
dc.date.defence: 2021-08-13
dc.contributor.department: Faculty of Computer Science (en_US)
dc.contributor.degree: Doctor of Philosophy (en_US)
dc.contributor.external-examiner: Dr. Mohammad Zulkernine (en_US)
dc.contributor.graduate-coordinator: Dr. Evangelos Milios (en_US)
dc.contributor.thesis-reader: Dr. Srinivas Sampalli (en_US)
dc.contributor.thesis-reader: Dr. Andrew McIntyre (en_US)
dc.contributor.thesis-supervisor: Dr. Nur Zincir-Heywood (en_US)
dc.contributor.thesis-supervisor: Dr. Malcolm Heywood (en_US)
dc.contributor.ethics-approval: Not Applicable (en_US)
dc.contributor.manuscripts: Not Applicable (en_US)
dc.contributor.copyright-release: Not Applicable (en_US)