Computer Science ›› 2019, Vol. 46 ›› Issue (11A): 496-501.

• Information Security •

Method for Unknown Insider Threat Detection with Small Samples

WANG Yi-feng, GUO Yuan-bo, LI Tao, KONG Jing   

  1. (Cryptography Engineering Institute, Information Engineering University, Zhengzhou 450001, China)
  • Online: 2019-11-10 Published: 2019-11-20

Abstract: Insider threats are rare and are usually buried in a mass of normal data. Traditional machine-learning anomaly detection struggles to detect them because sufficient labeled data is lacking. To detect unknown insider threats from small samples, this paper proposes a method based on prototypical networks, which uses Long Short-Term Memory networks to extract features from user behavior data and updates parameters by meta-learning. The method uses cosine similarity to classify samples of new classes that were not seen in the training set. Experimental results on data generated from the CMU-CERT dataset show that the proposed method is effective, with a classification accuracy of 88% for detecting unknown insider threats.

Key words: Few-shot learning, Meta learning, Prototypical networks, Unknown insider threat

CLC Number: TP393
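
The classification step the abstract describes, as an added example that is not the paper's code: each class prototype is the mean embedding of a few labelled behavior sequences, and a query sequence is assigned to the prototype with the highest cosine similarity. The `embed` function is a hand-written stand-in for the paper's trained LSTM encoder; the activity names, the after-hours window, the softmax temperature and every sequence below are constructed assumptions.

```python
import math

ACTIVITIES = ("logon", "device", "email", "http", "file")  # assumed event types

def embed(seq):
    """Stand-in encoder (not the paper's LSTM): activity mix + after-hours share."""
    vec = [0.0] * (len(ACTIVITIES) + 1)
    for hour, activity in seq:
        vec[ACTIVITIES.index(activity)] += 1
        vec[-1] += (hour < 7 or hour >= 19)  # assumed after-hours window
    return [v / max(len(seq), 1) for v in vec]

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def prototypes(support):
    """Mean embedding per class from a few labelled sequences (the support set)."""
    return {label: [sum(col) / len(seqs) for col in zip(*map(embed, seqs))]
            for label, seqs in support.items()}

def classify(seq, protos, temperature=0.1):
    """Softmax over cosine similarity to each prototype; temperature is assumed."""
    q = embed(seq)
    sims = {label: cosine(q, p) for label, p in protos.items()}
    top = max(sims.values())
    exps = {label: math.exp((s - top) / temperature) for label, s in sims.items()}
    total = sum(exps.values())
    probs = {label: e / total for label, e in exps.items()}
    return max(probs, key=probs.get), probs

# Constructed (hour, activity) sequences: two shots per class.
SUPPORT = {
    "normal": [
        [(9, "logon"), (10, "email"), (11, "http"), (14, "email"), (15, "http"), (16, "file")],
        [(8, "logon"), (9, "http"), (10, "email"), (13, "http"), (15, "email")]],
    "after_hours_usb": [
        [(22, "logon"), (22, "device"), (23, "file"), (23, "file"), (23, "device")],
        [(21, "logon"), (21, "device"), (22, "file"), (22, "file"), (22, "file"), (23, "device")]],
    "mass_email": [
        [(10, "logon"), (11, "email"), (11, "email"), (12, "email"), (12, "file"), (13, "email")],
        [(9, "logon"), (10, "file"), (10, "email"), (11, "email"), (11, "email")]],
}
QUERY_USB = [(23, "logon"), (23, "device"), (23, "file"), (0, "file"), (0, "device")]
QUERY_NORMAL = [(9, "logon"), (10, "http"), (11, "email"), (14, "http"), (16, "email"), (17, "http")]

if __name__ == "__main__":
    protos = prototypes(SUPPORT)
    for name, query in (("usb", QUERY_USB), ("normal", QUERY_NORMAL)):
        print(name, classify(query, protos))
```

Because a class is represented only by its prototype, a newly observed threat class is added by putting a few labelled sequences into the support set; the encoder is left unchanged.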