Evaluation of Machine Learning Algorithm and SMOTE for Insider Threat Detection

Daniel  Ojo; Mohammed Al-Mhiqani; Hussain Al-Aqrabi; Taher Al-Shehari

doi:10.1007/978-3-031-82931-4_23

Evaluation of Machine Learning Algorithm and SMOTE for Insider Threat Detection

Daniel Ojo, Mohammed Al-Mhiqani, Hussain Al-Aqrabi, Taher Al-Shehari

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Insider threats represent a significant risk to organizational security, characterized by their covert nature and the complexity of detecting malicious activities within legitimate user behavior. Traditional detection systems often struggle with imbalanced datasets, where the prevalence of insider threats is minimal compared to normal behavior, leading to a high rate of false positives and undetected threats. This research evaluates the effectiveness of various machine learning (ML) algorithms in identifying insider threats, with a particular focus on the implementation of Synthetic Minority Over-sampling Technique (SMOTE) to address the challenge of data imbalance. By combining SMOTE with advanced ML techniques, this study aims to enhance the accuracy and robustness of insider threat detection systems. The algorithm with the best result is Random Forest which achieved 100% accuracy, recall which is 93% and F-score of 96%. The results of this study will inform the design of more resilient security measures, better equipped to detect and respond to insider threats in a wide range of organizational contexts.

Original language	English
Title of host publication	Intelligent Computing Systems
Subtitle of host publication	5th International Symposium, ISICS 2024, Sharjah, United Arab Emirates, November 6–7, 2024, Proceedings
Editors	Asad Safi, Anabel Martin-Gonzalez, Carlos Brito-Loeza, Victor Castañeda-Zeman
Publisher	Springer, Cham
Pages	303-318
Number of pages	16
Edition	1st
ISBN (Electronic)	9783031829314
ISBN (Print)	9783031829307
DOIs	https://doi.org/10.1007/978-3-031-82931-4_23
Publication status	Published - 27 Feb 2025
Event	International Symposium on Intelligent Computing Systems - Sharjah, United Arab Emirates Duration: 6 Nov 2024 → 7 Nov 2024

Publication series

Name	Communications in Computer and Information Science
Volume	2381 CCIS
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	International Symposium on Intelligent Computing Systems
Abbreviated title	ISICS 2024
Country/Territory	United Arab Emirates
City	Sharjah
Period	6/11/24 → 7/11/24

Access to Document

10.1007/978-3-031-82931-4_23Licence: Unspecified

Cite this

Ojo, D., Al-Mhiqani, M., Al-Aqrabi, H., & Al-Shehari, T. (2025). Evaluation of Machine Learning Algorithm and SMOTE for Insider Threat Detection. In A. Safi, A. Martin-Gonzalez, C. Brito-Loeza, & V. Castañeda-Zeman (Eds.), Intelligent Computing Systems: 5th International Symposium, ISICS 2024, Sharjah, United Arab Emirates, November 6–7, 2024, Proceedings (1st ed., pp. 303-318). (Communications in Computer and Information Science; Vol. 2381 CCIS). Springer, Cham. https://doi.org/10.1007/978-3-031-82931-4_23

Ojo, Daniel ; Al-Mhiqani, Mohammed ; Al-Aqrabi, Hussain et al. / Evaluation of Machine Learning Algorithm and SMOTE for Insider Threat Detection. Intelligent Computing Systems: 5th International Symposium, ISICS 2024, Sharjah, United Arab Emirates, November 6–7, 2024, Proceedings. editor / Asad Safi ; Anabel Martin-Gonzalez ; Carlos Brito-Loeza ; Victor Castañeda-Zeman. 1st. ed. Springer, Cham, 2025. pp. 303-318 (Communications in Computer and Information Science).

@inproceedings{05df7f9884104a08ba71367d24081465,

title = "Evaluation of Machine Learning Algorithm and SMOTE for Insider Threat Detection",

abstract = "Insider threats represent a significant risk to organizational security, characterized by their covert nature and the complexity of detecting malicious activities within legitimate user behavior. Traditional detection systems often struggle with imbalanced datasets, where the prevalence of insider threats is minimal compared to normal behavior, leading to a high rate of false positives and undetected threats. This research evaluates the effectiveness of various machine learning (ML) algorithms in identifying insider threats, with a particular focus on the implementation of Synthetic Minority Over-sampling Technique (SMOTE) to address the challenge of data imbalance. By combining SMOTE with advanced ML techniques, this study aims to enhance the accuracy and robustness of insider threat detection systems. The algorithm with the best result is Random Forest which achieved 100% accuracy, recall which is 93% and F-score of 96%. The results of this study will inform the design of more resilient security measures, better equipped to detect and respond to insider threats in a wide range of organizational contexts.",

keywords = "Cyber security, Insider threat, Machine Learning, Detection",

author = "Daniel Ojo and Mohammed Al-Mhiqani and Hussain Al-Aqrabi and Taher Al-Shehari",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.; International Symposium on Intelligent Computing Systems, ISICS 2024 ; Conference date: 06-11-2024 Through 07-11-2024",

year = "2025",

month = feb,

day = "27",

doi = "10.1007/978-3-031-82931-4_23",

language = "English",

isbn = "9783031829307",

series = "Communications in Computer and Information Science",

publisher = "Springer, Cham",

pages = "303--318",

editor = "Asad Safi and Anabel Martin-Gonzalez and Carlos Brito-Loeza and Victor Casta{\~n}eda-Zeman",

booktitle = "Intelligent Computing Systems",

address = "Switzerland",

edition = "1st",

}

Ojo, D, Al-Mhiqani, M, Al-Aqrabi, H & Al-Shehari, T 2025, Evaluation of Machine Learning Algorithm and SMOTE for Insider Threat Detection. in A Safi, A Martin-Gonzalez, C Brito-Loeza & V Castañeda-Zeman (eds), Intelligent Computing Systems: 5th International Symposium, ISICS 2024, Sharjah, United Arab Emirates, November 6–7, 2024, Proceedings. 1st edn, Communications in Computer and Information Science, vol. 2381 CCIS, Springer, Cham, pp. 303-318, International Symposium on Intelligent Computing Systems, Sharjah, United Arab Emirates, 6/11/24. https://doi.org/10.1007/978-3-031-82931-4_23

Evaluation of Machine Learning Algorithm and SMOTE for Insider Threat Detection. / Ojo, Daniel ; Al-Mhiqani, Mohammed; Al-Aqrabi, Hussain et al.

Intelligent Computing Systems: 5th International Symposium, ISICS 2024, Sharjah, United Arab Emirates, November 6–7, 2024, Proceedings. ed. / Asad Safi; Anabel Martin-Gonzalez; Carlos Brito-Loeza; Victor Castañeda-Zeman. 1st. ed. Springer, Cham, 2025. p. 303-318 (Communications in Computer and Information Science; Vol. 2381 CCIS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Evaluation of Machine Learning Algorithm and SMOTE for Insider Threat Detection

AU - Ojo, Daniel

AU - Al-Mhiqani, Mohammed

AU - Al-Aqrabi, Hussain

AU - Al-Shehari, Taher

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.

PY - 2025/2/27

Y1 - 2025/2/27

N2 - Insider threats represent a significant risk to organizational security, characterized by their covert nature and the complexity of detecting malicious activities within legitimate user behavior. Traditional detection systems often struggle with imbalanced datasets, where the prevalence of insider threats is minimal compared to normal behavior, leading to a high rate of false positives and undetected threats. This research evaluates the effectiveness of various machine learning (ML) algorithms in identifying insider threats, with a particular focus on the implementation of Synthetic Minority Over-sampling Technique (SMOTE) to address the challenge of data imbalance. By combining SMOTE with advanced ML techniques, this study aims to enhance the accuracy and robustness of insider threat detection systems. The algorithm with the best result is Random Forest which achieved 100% accuracy, recall which is 93% and F-score of 96%. The results of this study will inform the design of more resilient security measures, better equipped to detect and respond to insider threats in a wide range of organizational contexts.

AB - Insider threats represent a significant risk to organizational security, characterized by their covert nature and the complexity of detecting malicious activities within legitimate user behavior. Traditional detection systems often struggle with imbalanced datasets, where the prevalence of insider threats is minimal compared to normal behavior, leading to a high rate of false positives and undetected threats. This research evaluates the effectiveness of various machine learning (ML) algorithms in identifying insider threats, with a particular focus on the implementation of Synthetic Minority Over-sampling Technique (SMOTE) to address the challenge of data imbalance. By combining SMOTE with advanced ML techniques, this study aims to enhance the accuracy and robustness of insider threat detection systems. The algorithm with the best result is Random Forest which achieved 100% accuracy, recall which is 93% and F-score of 96%. The results of this study will inform the design of more resilient security measures, better equipped to detect and respond to insider threats in a wide range of organizational contexts.

KW - Cyber security

KW - Insider threat

KW - Machine Learning

KW - Detection

UR - https://isics.cedai.cl/2024/

UR - https://doi.org/10.1007/978-3-031-82931-4

UR - http://www.scopus.com/inward/record.url?scp=86000438410&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-82931-4_23

DO - 10.1007/978-3-031-82931-4_23

M3 - Conference contribution

SN - 9783031829307

T3 - Communications in Computer and Information Science

SP - 303

EP - 318

BT - Intelligent Computing Systems

A2 - Safi, Asad

A2 - Martin-Gonzalez, Anabel

A2 - Brito-Loeza, Carlos

A2 - Castañeda-Zeman, Victor

PB - Springer, Cham

T2 - International Symposium on Intelligent Computing Systems

Y2 - 6 November 2024 through 7 November 2024

ER -

Ojo D, Al-Mhiqani M, Al-Aqrabi H, Al-Shehari T. Evaluation of Machine Learning Algorithm and SMOTE for Insider Threat Detection. In Safi A, Martin-Gonzalez A, Brito-Loeza C, Castañeda-Zeman V, editors, Intelligent Computing Systems: 5th International Symposium, ISICS 2024, Sharjah, United Arab Emirates, November 6–7, 2024, Proceedings. 1st ed. Springer, Cham. 2025. p. 303-318. (Communications in Computer and Information Science). Epub 2025 Feb 26. doi: 10.1007/978-3-031-82931-4_23

Evaluation of Machine Learning Algorithm and SMOTE for Insider Threat Detection

Abstract

Publication series

Conference

Access to Document

Other files and links

Cite this