Evaluation of Machine learning algorithm and SMOTE for Insider Threat Detection

Daniel Ojo, Mohammed Al-Mhiqani, Hussain Al-Aqrabi, Taher Al-Shehari

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

Abstract

Insider threats represent a significant risk to organizational security, characterized by their covert nature and the complexity of detecting malicious activities within legitimate user behavior. Traditional detection systems often struggle with imbalanced datasets, where the prevalence of insider threats is minimal compared to normal behavior, leading to a high rate of false positives and undetected threats. This research evaluates the effectiveness of various machine learning (ML) algorithms in identifying insider threats, with a particular focus on the implementation of the Synthetic Minority Over-sampling Technique (SMOTE) to address the challenge of data imbalance. By combining SMOTE with advanced ML techniques, this study aims to enhance the accuracy and robustness of insider threat detection systems. The best-performing algorithm is Random Forest, which achieved 100% accuracy, 93% recall and an F-score of 96%. The results of this study will inform the design of more resilient security measures, better equipped to detect and respond to insider threats in a wide range of organizational contexts.
Original language: English
Title of host publication: 5th International Symposium on Intelligent Computing Systems - ISICS 2024
Publisher: Springer
Number of pages: 16
Publication status: Accepted/In press - 6 Nov 2024
Event: International Symposium on Intelligent Computing Systems - Sharjah, United Arab Emirates
Duration: 6 Nov 2024 to 7 Nov 2024

Conference

Conference: International Symposium on Intelligent Computing Systems
Abbreviated title: ISICS 2024
Country/Territory: United Arab Emirates
City: Sharjah
Period: 6/11/24 to 7/11/24
