
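% Journal article on insider-threat detection from user activity logs:
% an XGBoost-based ensemble combined with a sample-weighting "Data
% Adjustment" (DA) strategy, evaluated on the CERT dataset.
% NOTE(review): the abstract reports accuracy (99.51%) on class-imbalanced
% data, so the recall figure (98.16%) says more about detection coverage.
% The abstract gives no precision or false-positive rate; check the paper
% before citing it for alert-volume claims.
@Article{cmc.2020.09649,
AUTHOR = {Zou, Shihong and Sun, Huizhong and Xu, Guosheng and Quan, Ruijie},
TITLE = {Ensemble Strategy for Insider Threat Detection from User Activity Logs},
JOURNAL = {Computers, Materials \& Continua},
VOLUME = {65},
YEAR = {2020},
NUMBER = {2},
PAGES = {1321--1334},
URL = {http://www.techscience.com/cmc/v65n2/39876},
ISSN = {1546-2226},
ABSTRACT = {In the information era, the core business and confidential information of
enterprises/organizations is stored in information systems. However, certain malicious
inside network users exist hidden inside the organization; these users intentionally or
unintentionally misuse the privileges of the organization to obtain sensitive information
from the company. The existing approaches on insider threat detection mostly focus on
monitoring, detecting, and preventing any malicious behavior generated by users within an
organization's system while ignoring the imbalanced ground-truth insider threat data
impact on security. To this end, to be able to detect insider threats more effectively, a data
processing tool was developed to process the detected user activity to generate
information-use events, and formulated a Data Adjustment (DA) strategy to adjust the weight of the
minority and majority samples. Then, an efficient ensemble strategy was utilized, which
applied the extreme gradient boosting (XGBoost) model combined with the DA strategy to
detect anomalous behavior. The CERT dataset was used for an insider threat to evaluate our
approach, which was a real-world dataset with artificially injected insider threat events. The
results demonstrated that the proposed approach can effectively detect insider threats, with
an accuracy rate of 99.51\% and an average recall rate of 98.16\%. Compared with other
classifiers, the detection performance is improved by 8.76\%.},
DOI = {10.32604/cmc.2020.09649}
}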



