Anomaly detection is an important problem that has been well-studied within diverse research areas and application domains. The aim of this survey is two-fold, firstly we present a structured and comprehensive overview of research methods in deep learning-based anomaly detection. Furthermore, we review the adoption of these methods for anomaly across various application domains and assess their effectiveness. We have grouped state-of-the-art research techniques into different categories based on the underlying assumptions and approach adopted. Within each category we outline the basic anomaly detection technique, along with its variants and present key assumptions, to differentiate between normal and anomalous behavior. For each category, we present we also present the advantages and limitations and discuss the computational complexity of the techniques in real application domains. Finally, we outline open issues in research and challenges faced while adopting these techniques.

Deep Learning for Anomaly Detection: A Survey.

Insider threats, as one type of the most challenging threats in cyberspace, usually cause significant loss to organizations. While the problem of insider threat detection has been studied for a long time in both security and data mining communities, the traditional machine learning based detection approaches, which heavily rely on feature engineering, are hard to accurately capture the behavior difference between insiders and normal users due to various challenges related to the characteristics of underlying data, such as high-dimensionality, complexity, heterogeneity, sparsity, lack of labeled insider threats, and the subtle and adaptive nature of insider threats. Advanced deep learning techniques provide a new paradigm to learn end-to-end models from complex data. In this brief survey, we first introduce one commonly-used dataset for insider threat detection and review the recent literature about deep learning for such research. The existing studies show that compared with traditional machine learning algorithms, deep learning models can improve the performance of insider threat detection. However, applying deep learning to further advance the insider threat detection task still faces several limitations, such as lack of labeled data, adaptive attacks. We then discuss such challenges and suggest future research directions that have the potential to address challenges and further boost the performance of deep learning for insider threat detection.

Deep Learning for Insider Threat Detection: Review, Challenges and Opportunities

The most detrimental cyber attacks are usually not originated by malicious outsiders or malware but from trusted insiders. The main advantage insider attackers have over external elements is their ability to bypass security checks and remain undiscovered, this may cause serious damage to the organizational assets. This paper focuses on insider threat detection through behavioral analysis of users. User behavior is categorized as normal or malicious based on user activity. A series of events and activities are analyzed for feature selection to efficiently detect adversarial behavior. Selected feature vectors are used for model training during the implementation phase. A deep learning based approach is proposed that detects insiders with greater accuracy and low false positive rate. A rich event / user role based feature set containing Logon/Logoff events, User_role, Functional_unit etc are used for detection. The dataset used is the CMU CERT synthetic insider threat dataset r4.2. Performance of our proposed algorithm has been compared to other well-known techniques i.e. long short term Memory- convolutional neural network, random forest, long short term memory- recurrent neural network, one class support vector machine, Markov chain model, multi state long short term memory & convolutional neural network, gated recurrent unit & skipgram. The comparison proved that our novel approach produces relatively good accuracy(90.60%), precision(97%) and F1 Score (94%).

/pdf/behavioral-based-insider-threat-detection-using-deep-h48og4oyy8.pdf

Behavioral Based Insider Threat Detection Using Deep Learning

The insider threat is a vital security problem concern in both the private and public sectors. A lot of approaches available for detecting and mitigating insider threats. However, the implementation of an effective system for insider threats detection is still a challenging task. In previous work, the Machine Learning (ML) technique was proposed in the insider threats detection domain since it has a promising solution for a better detection mechanism. Nonetheless, the (ML) techniques could be biased and less accurate when the dataset used is hugely imbalanced. Therefore, in this article, an integrated insider threat detection is named (AD-DNN), which is an integration of adaptive synthetic technique (ADASYN) sampling approach and deep neural network technique (DNN). In the proposed model (AD-DNN), the adaptive synthetic (ADASYN) is used to solve the imbalanced data issue and the deep neural network (DNN) for insider threat detection. The proposed model uses the CERT dataset for the evaluation process. The experimental results show that the proposed integrated model improves the overall detection performance of insider threats. A significant impact on the accuracy performance brings a better solution in the proposed model compared with the current insider threats detection system.

/pdf/an-integrated-imbalanced-learning-and-deep-neural-network-189wgqkekp.pdf

An Integrated Imbalanced Learning and Deep Neural Network Model for Insider Threat Detection

Log analysis is a technique of deriving knowledge from log files containing records of events in a computer system. A common application of log analysis is to derive critical information about a system's security issues and intrusions, which subsequently leads to being able to identify and potentially stop intruders attacking the system. However, many systems produce a high volume of log data with high frequency, posing serious challenges in analysis. This paper contributes with a systematic literature review and discusses current trends, advancements, and future directions in log security analysis within the past decade. We summarized current research strategies with respect to technology approaches from 34 current publications. We identified limitations that poses challenges to future research and opened discussion on issues towards logging mechanism in the software systems. Findings of this study are relevant for software systems as well as software parts of the Internet of Things (IoT) systems.

On Vulnerability and Security Log analysis: A Systematic Literature Review on Recent Trends

Insider threats have shown their great destructive power in information security and financial stability and have received widespread attention from governments and organizations. Traditional intrusion detection systems fail to be effective in insider attacks due to the lack of extensive knowledge for insider behavior patterns. Instead, a more sophisticated method is required to have a deeper understanding for activities that insiders communicate with the information system. In this paper, we design a classifier, a neural network model utilizing Long Short Term Memory (LSTM) to model user log as a natural language sequence and achieve role-based classification. LSTM Model can learn behavior patterns of different users by automatically extracting feature and detect anomalies when log patterns deviate from the trained model. To illustrate the effective of classification model, we design two experiments based on cmu dataset. Experimental evaluations have shown that our model can successfully distinguish different behavior pattern and detect malicious behavior.

Role-based Log Analysis Applying Deep Learning for Insider Threat Detection

With the development of computing and communication technologies, extremely large amount of data has been collected, stored, utilized, and shared, while new security and privacy challenges arise. Existing platforms do not provide flexible and practical access control mechanisms for big data analytics applications. In this paper, we present GuardSpark++, a fine-grained access control mechanism for secure data sharing and analysis in Spark. In particular, we first propose a purpose-aware access control (PAAC) model, which introduces new concepts of data processing/operation purposes to conventional purpose-based access control. An automatic purpose analysis algorithm is developed to identify purposes from data analytics operations and queries, so that access control could be enforced accordingly. Moreover, we develop an access control mechanism in Spark Catalyst, which provides unified PAAC enforcement for heterogeneous data sources and upper-layer applications. We evaluate GuardSpark++ with five data sources and four structured data analytics engines in Spark. The experimental results show that GuardSpark++ provides effective access control functionalities with a very small performance overhead (average 3.97%).

GuardSpark++: Fine-Grained Purpose-Aware Access Control for Secure Data Sharing and Analysis in Spark

The embodiment of the invention provides a heterogeneous graph embedding-based network space security threat detection method and system. The method comprises the steps of obtaining entity behavior data; associating all data items in the entity behavior data according to the meta-attribute association relationship to obtain a data item sequence, and constructing a heterogeneous graph based on thedata item sequence; converting each node in the heterogeneous graph into a low-dimensional vector based on a graph embedding learning method, and obtaining vectorized expression of each node; and analyzing and processing the features of the vectorized expression to judge whether the data item corresponding to the vectorized expression is a malicious behavior or not. According to the embodiment, the heterogeneous graph for threat detection is established, entity behavior data items are simplified and represented in a vectorized mode, data item level threat detection for network space security is provided, later manual correction is not needed, labeled data items serve as training samples, and the detection precision and the detection feasibility are effectively improved.

Network space security threat detection method and system based on heterogeneous graph embedding

The embodiment of the invention provides an internal threat detection method and device. The method comprises the steps of acquiring user behavior information and user identification information; inputting the user behavior information into a preset user behavior classification model to obtain user behavior classification information; analyzing the user behavior classification information according to the user identification information to obtain an internal threat detection result, wherein the preset user behavior classification model is obtained by training based on the user behavior training sample set. The user behavior training sample set comprises multi-dimensional data information, and multi-dimensional data analysis is ensured. A preset user behavior classification model learns a hidden layer through a gate control unit in a long short-term memory network; the hidden user behavior information is mined, the behavior mode of the user is mined on the whole, then whether the user behavior information corresponding to each piece of user identification information is correctly classified to the user identification information or not is judged, and if the classification accuracy is lower than a preset threshold value, internal threat early warning is sent out.

Internal threat detection method and device

Handle everyday research tasks with reliable, citation-backed results

Your personal Research Agent to handle research tasks with citation-backed results

Popular Tasks used by Researchers

How can I help with your research?

Meet SciSpace

Get more enhanced response by uploading the PDFs you want me to reference.

No relevant PDFs in your library

SciSpace is the AI research assistant for academics. Run systematic literature reviews on 280M+ papers, and write papers with cited sources. Trusted by 1M+ students, PhDs & researchers.

SciSpace | AI for Research

Analyze PDFs

Code & Manuscripts

Funding & Grants

Literature & Patents

Medical & Clinical Data

Systematic Review

Visualize & Present

Web & Data

Build a Google Scholar-like website for your research.

Build a website

Create charts and images for your research

Create a Chart

Write a paper for submission to a journal

Draft a manuscript

Patent Search

Design eye-catching scientific posters in minutes.

Scientific Poster Generation

Systematic Literature Review

One task is running at the moment. Your messages will be shown right after.

Drag and drop or click here to browse

Loved by <highlight>1 million+</highlight> researchers

Extract a list of specific topics and their sources from unstructured text

Topics

Compare and analyze relevant papers that matches with your search

Papers

Get insights from PDFs and bookmarked papers from your library

My library

Recent searches

Try searching for:

Catch AI-generated content in scholarly and non-scholarly content

{ai} Detector

Ai Writer

Get PDF Summaries, highlighted text explanations 

Chat with PDF

Effortlessly create in-text citations and bibliographies in APA and 2,500 other formats

Citation generator

Get explanations, summaries, and answers on academic papers

Ease up your research workflow with {scispace}'s cohort of exciting AI tools

Elevate your academic writing skills and convey your ideas the way you want

Paraphraser

Explore our range of reading and writing tools

Your file is being prepared and should be ready in a few minutes. If it's a large file, it might take a bit longer. You can close this window, and we'll email you the file when it's done.

You have reached a maximum limit of <strong>{limit}</strong> columns in the table. Remove at least <strong>1</strong> column to add or create another one.

Zheng Yang

Author Tools

Chat about Author

Papers

Role-based Log Analysis Applying Deep Learning for Insider Threat Detection

GuardSpark++: Fine-Grained Purpose-Aware Access Control for Secure Data Sharing and Analysis in Spark

Network space security threat detection method and system based on heterogeneous graph embedding

Internal threat detection method and device