Computer Science ›› 2019, Vol. 46 ›› Issue (11A): 496-501.

• Information Security •

Method for Unknown Insider Threat Detection with Small Samples

WANG Yi-feng, GUO Yuan-bo, LI Tao, KONG Jing   

  1. (Cryptography Engineering Institute, Information Engineering University, Zhengzhou 450001, China)
  • Online: 2019-11-10 Published: 2019-11-20

Abstract: Insider threats are few and are usually buried in a mass of normal data. Traditional machine-learning-based anomaly detection methods have difficulty detecting insider threats because sufficient labeled data is lacking. To detect these unknown insider threats with small samples, this paper proposes a method based on prototypical networks, which uses Long Short-Term Memory networks to extract features from user behavior data and updates parameters by meta-learning. The method uses cosine similarity to classify samples of new classes that are not seen in the training set. Experimental results on data generated from the CMU-CERT dataset show that the proposed method is effective, and the classification accuracy for detecting unknown insider threats is 88%.

Key words: Few-shot learning, Unknown insider threat, Meta learning, Prototypical networks

CLC Number: TP393
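The classification step the abstract describes (class prototypes compared to a query by cosine similarity) can be sketched as follows. This is an added example, not the paper's code: mean pooling stands in for the LSTM encoder, and the event features, class names and sequences are constructed for illustration.

```python
import math

def embed(seq):
    """Stand-in encoder (mean pooling); the paper uses an LSTM here."""
    return [sum(col) / len(seq) for col in zip(*seq)]

def build_prototypes(support):
    """One prototype per class: the mean embedding of its few labeled samples."""
    protos = {}
    for label, seqs in support.items():
        embs = [embed(s) for s in seqs]
        protos[label] = [sum(col) / len(embs) for col in zip(*embs)]
    return protos

def cosine(a, b):
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(x * x for x in b))
    return sum(x * y for x, y in zip(a, b)) / (na * nb) if na and nb else 0.0

def classify(seq, protos):
    """Return (best_label, scores) by cosine similarity to each prototype."""
    q = embed(seq)
    scores = {label: cosine(q, p) for label, p in protos.items()}
    return max(scores, key=scores.get), scores

# Constructed events: (work_hours_logon, after_hours_logon, usb_write, external_email)
W, A, U, E = (1, 0, 0, 0), (0, 1, 0, 0), (0, 1, 1, 0), (1, 0, 0, 1)
SUPPORT = {
    "normal": [[W, E, W], [W, W, A]],
    "email_leak": [[E, E, E], [E, (0, 1, 0, 1), E]],
}
NEW_CLASS = {"usb_exfil": [[U, U, W], [U, A, U]]}  # two analyst-labeled samples
QUERY_THREAT = [U, U, A, W]
QUERY_BENIGN = [W, W, E, W]

def demo():
    # Before the new class has a prototype, the threat lands on the nearest known class.
    before, _ = classify(QUERY_THREAT, build_prototypes(SUPPORT))
    protos = build_prototypes({**SUPPORT, **NEW_CLASS})  # no retraining of embed()
    after, scores = classify(QUERY_THREAT, protos)
    benign, _ = classify(QUERY_BENIGN, protos)
    return before, after, benign, scores

if __name__ == "__main__":
    print(demo())
```

With only the known classes the threat query falls to the "normal" prototype; two labeled samples of the new class are enough to separate it, without changing the encoder.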