Open Access



Anomaly Detection Based on Discrete Wavelet Transformation for Insider Threat Classification

Dong-Wook Kim¹, Gun-Yoon Shin¹, Myung-Mook Han²,*

1 Department of Computer Engineering, Gachon University, Seongnam-si, 13120, Korea
2 Department of AI Software, Gachon University, Seongnam-si, 13120, Korea

* Corresponding Author: Myung-Mook Han.

Computer Systems Science and Engineering 2023, 46(1), 153-164.


Unlike external attacks, insider threats arise from legitimate users who belong to the organization. Depending on their motives, these individuals may pose a potential threat of hostile behavior. For insider detection, many intrusion detection systems learn and prevent known scenarios, but because malicious behavior follows patterns similar to normal behavior, these systems can in practice be evaded. Furthermore, because insider threats share a feature space similar to that of normal behavior, identifying them by detecting anomalies has limitations. This study proposes an improved anomaly detection methodology for insider threats in cybersecurity, in which a discrete wavelet transformation technique is applied to classify normal vs. malicious users. The discrete wavelet transformation technique easily discovers new patterns or decomposes synthesized data, making it possible to distinguish between shared characteristics. To verify the efficacy of the proposed methodology, experiments were conducted in which normal users and malicious users were classified based on insider threat scenarios provided in Carnegie Mellon University’s Computer Emergency Response Team (CERT) dataset. The experimental results indicate that the proposed methodology with discrete wavelet transformation reduced the false-positive rate by 82% to 98% compared to the case with no wavelet applied. Thus, the proposed methodology has high potential for application to similar feature spaces.


Cite This Article

D. Kim, G. Shin and M. Han, "Anomaly detection based on discrete wavelet transformation for insider threat classification," Computer Systems Science and Engineering, vol. 46, no. 1, pp. 153–164, 2023.

This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.