
Machine Learning Project

TASK 1

Study 5 articles on insider threat, explain each and write down advantages, drawbacks and methodology

BY
110120055 Satya Sai Siva Srinivas

Article link: https://www.sciencedirect.com/science/article/abs/pii/S0167404822004588

Enhancing false negative and positive rates for efficient insider threat detection

Explanation:
• The authors propose a new system for detecting insider threats using deep learning techniques. Specifically, they use a type of deep learning network called Long Short-Term Memory (LSTM).
• LSTM works like a smart student who takes notes during a lecture. It has a memory where it can store and retrieve important details. This memory helps LSTM recognize patterns and make predictions based on what it has learned, which helps a system detect insider threats more effectively.
• Insider threats involve a series of actions that happen over time. LSTM is very good at understanding these patterns and sequences: its memory remembers what happened before and uses that information to make sense of what is happening now.
• LSTM can automatically find important clues in the data. In the case of insider threat detection, these clues could be things like when and how often certain activities happen. By looking at the timing and order of actions
• To maintain the temporal behavior and the relationships between activities performed by insiders, Gray encoding is employed.
• Gray encoding: ensures that the binary representation of activities follows a specific pattern where adjacent values differ by only one bit. This arrangement enables the detection system to accurately capture the order of, and transitions between, activities. By maintaining the sequential nature of the data, the system can identify patterns and anomalies that may indicate insider threats.
• The results of the evaluation show that the system achieved improved false positive (benign actions identified as malicious) and false negative (malicious actions not identified) rates. Additionally, the system demonstrated a high level of overall accuracy, with an AUC (Area Under the Curve) value of 97%.
• What is AUC: a metric used to evaluate the performance of a detection system. It represents the overall ability of the system to distinguish between positive and negative instances. Here the evaluation is conducted using log files from the CERT r4.2 insiders' dataset, which represent the activities of employees over a period of eighteen working months.
• Conclusion: the article presents a good approach to detecting insider threats using deep learning and sentiment analysis. By incorporating Gray encoding to maintain temporal relationships, the system improves the accuracy of identifying malicious actions.
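The two ideas above, Gray-encoding an activity sequence so that neighbouring activity codes differ by one bit, and scoring a detector by AUC, as an added example that is not part of this report or of the article. ACTIVITIES is a constructed stand-in for the CERT r4.2 event types, and the detector scores and labels are constructed, not results from the paper.

```python
# Added example: Gray-encode insider activity types and compute AUC.
# ACTIVITIES is a constructed vocabulary standing in for CERT r4.2 event types.
ACTIVITIES = ["logon", "device", "http", "email", "file", "logoff"]
BITS = max(1, (len(ACTIVITIES) - 1).bit_length())  # bits needed per code


def gray_encode(n: int) -> int:
    """Reflected binary Gray code: codes of n and n+1 differ in exactly one bit."""
    return n ^ (n >> 1)


def gray_decode(g: int) -> int:
    """Invert gray_encode by folding the prefix XOR back down."""
    n = 0
    while g:
        n ^= g
        g >>= 1
    return n


def encode_activity_sequence(seq):
    """Map each activity name to its Gray code as a fixed-width list of bits."""
    out = []
    for name in seq:
        code = gray_encode(ACTIVITIES.index(name))
        out.append([(code >> b) & 1 for b in reversed(range(BITS))])
    return out


def hamming(a, b) -> int:
    return sum(x != y for x, y in zip(a, b))


def adjacent_codes_differ_by_one_bit() -> bool:
    """Check the Gray property over the whole activity vocabulary."""
    codes = encode_activity_sequence(ACTIVITIES)
    return all(hamming(codes[i], codes[i + 1]) == 1 for i in range(len(codes) - 1))


def auc_from_scores(scores, labels) -> float:
    """AUC as P(score of a random malicious sample > score of a random benign one),
    ties counted as 1/2; this equals the normalised Mann-Whitney U statistic."""
    pos = [s for s, y in zip(scores, labels) if y == 1]
    neg = [s for s, y in zip(scores, labels) if y == 0]
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0 for p in pos for n in neg)
    return wins / (len(pos) * len(neg))


if __name__ == "__main__":
    print(encode_activity_sequence(["logon", "device", "http"]))  # [[0,0,0],[0,0,1],[0,1,1]]
    # Constructed detector output: 1 = malicious session, 0 = benign session.
    print(auc_from_scores([0.9, 0.8, 0.7, 0.3, 0.2], [1, 1, 0, 1, 0]))  # 0.8333...
```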
ADVANTAGES:
1. Improved accuracy in differentiating
between benign and malicious activities.
2. Sentiment analysis for classifying users'
activities based on emotional content.
3. Gray encoding maintains temporal
relationships between activities.
4. Dataset reformulation into variable length
samples for effective training.
5. Evaluation using real-world data from
CERT r4.2 insiders' dataset.
6. Enhanced false positive and false negative
rates.
7. High AUC value of 97%.
8. Robustness against insider threats by
accurately identifying and classifying
malicious activities.
9. Utilization of Long Short Term Memory
(LSTM) for capturing temporal patterns.
10. Potential for adaptability to address
emerging insider threat scenarios.
DRAWBACKS:
1. Limited interpretability: LSTM models are
challenging to understand.
2. Data requirements: LSTM models demand
a lot of precise data.
3. Complexity of computation: LSTM models
are computationally challenging.
4. Overfitting: When applied to fresh data,
LSTM models can overfit and perform badly.
5. False negatives and positives: LSTM
models may provide false alarms or fail to
detect threats.
6. LSTM models may find it difficult to
respond to threats that change over time.
No specific drawbacks of Gray encoding are mentioned in the article.
METHODOLOGY:
• Using LSTM as the detection system
• Preparing the dataset from the CERT r4.2 insiders' logs
• Applying sentiment analysis and Gray encoding
• Testing different data representations
• Evaluating the system's performance
• Analyzing the results
• Demonstrating the effectiveness of LSTM in detecting insider threats
• Differentiating benign and malicious activities
• Improved false positive and false negative rates
