EXPLORING THE EFFECT OF SAMPLING AND DIMENSIONALITY REDUCTION TECHNIQUES FOR INSIDER THREAT DETECTION
Date
2024-07-25
Authors
Durdabak, Keremalp
Abstract
Insider threats represent a significant challenge for organizations. They cost organizations money, time and resources. In 2024, a recent report by Code42 found that the average cost of an insider incident is $15 million. There are also costs to security teams, who are wasting time with limited resources. Thus, as artificial intelligence and machine learning have become mainstream, more and more security teams are looking to leverage these models to maximize their impact. This thesis explores a machine-learning-based approach in the field of insider threat detection with a specific focus on infiltration attacks. In particular, the impact of four dimensionality reduction and three sampling techniques on the performance of machine learning models for detecting such attacks is explored. These techniques are evaluated on three publicly available datasets using six ML models. The results indicate that, in comparison to the original data features, it is possible to achieve comparable performance in detecting filtration attacks where dimensionality reduction is used. This capability potentially facilitates faster operational responses by reducing computational costs. The thesis research provides results and observations on the feasibility of utilizing reduced dimensionality for insider threat detection in filtration attack scenarios, presenting a foundation for further exploratory work in this field.
Keywords
Cybersecurity, Machine Learning, Insider Threat Detection, Genetic Programming, Infiltration, Feature Extraction, Exfiltration