Research On Insider Threat Situation Awareness Based On Deep Learning

Posted on: 2024-07-13
Degree: Master
Type: Thesis
Country: China
Candidate: J W Zhang
GTID: 2558307076486774
Subject: Mathematics
Abstract/Summary:
The popularity of the Internet has diversified people's access to information, and an organization's important assets are no longer limited to paper-based assets. Internal staff hold access rights to the company's internal systems and information, which increases the risk that the enterprise's important digital assets are leaked. The leakage or damage of important information within the organization harms the enterprise's reputation and property, so research on insider threats has received more extensive attention in recent years. Insider threat events mainly revolve around human behavior. Therefore, learning the characteristics of staff behavior from threat scenarios, detecting threatening behavior, and evaluating the risk of threats will effectively curb the occurrence of threat events. Because traditional machine learning models have certain limitations in multidimensional data modeling, this paper studies the detection and prediction of staff threat behavior based on deep learning theory and related technologies. The main research contents are as follows:

(1) To overcome the problem that several parameters need to be adjusted during the training of a neural network model, an improved adaptive mutation bare-bones particle swarm optimization algorithm (AMBPSO) is proposed. The optimization algorithm is subsequently used to optimize the hyper-parameters of the neural network model so as to obtain a smaller loss value at the initial training stage, which can improve the efficiency of model training. At the theoretical level, stochastic process theory is used to prove that the AMBPSO algorithm eventually converges to the global optimal position of the swarm. At the practical level, nine benchmark functions and five other particle swarm optimization algorithms are used for comparative experiments. The results obtained by the AMBPSO algorithm and the other five algorithms are also compared using a two-sample, two-tailed t test. The experimental results show that the AMBPSO algorithm has better convergence speed and accuracy than the other five particle swarm optimization algorithms.

(2) To solve the problems of unbalanced positive and negative samples, incomplete threat detection, and low accuracy in staff threat detection, an insider threat detection model based on the AMBPSO-BP neural network is proposed. At the level of threat situation element extraction, feature extraction and fusion of multi-source heterogeneous data are carried out based on staff attribute features, behavioral frequency features, and statistical features. At the model training level, the proposed insider threat detection model is compared with a BP neural network with manually controlled parameters, a support vector machine (SVM), a gradient boosting decision tree (GBDT), and a random forest (RF). The experimental results show that the AMBPSO-BP detection model has higher precision and recall and is more practical than the other four models.

(3) Based on the similarity in staff behavior, staff behavior features are extracted using a one-day time window to fully utilize staff members' historical behavior information. A role-based GRU threat risk prediction model is proposed to predict staff threat risk. In addition, an abnormal score strategy is designed to visualize the development of staff members' abnormal behavior. Based on the long memory of the GRU neural network model, a comparative experiment was conducted between the risk prediction model with staff identity features added and the model without them. The experimental results show that the threat risk prediction model with staff identity features can fully utilize each staff member's own historical behavior information, is more sensitive to abnormal staff behavior, and achieves both higher accuracy and recall.
Keywords/Search Tags: insider threat, neural network, particle swarm optimization algorithm, anomaly detection, predictive perception