Threats from unintentional insiders: an assessment of an organization’s readiness using machine learning

Hafizur Rahman, M. M. and Al Naeem, Mohammed Abdul Aziz and Abubakar, Adamu (2022) Threats from unintentional insiders: an assessment of an organization’s readiness using machine learning. IEEE Access, 10. 110294 -110308. E-ISSN 2169-3536

PDF - Published Version
Restricted to Repository staff only
Download (831kB) | Request a copy

Official URL: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&ar...

Abstract

Today’s organisations are facing a number of challenges, one of the most significant of which is ensuring the safety of their digital data. This is as a result of the fact that they are frequently faced with internal and external threats that can put the data they have been entrusted with in jeopardy of being compromised. As a result of this, this study investigates the dimension of threats associated to unintentional internal user of an organisation and utilises NARX to model and test a detection scheme associated to the menace. In addition, this study aims to provide a better understanding of the current state of the threat landscape. The data adopted for this research is primarily a “user activity logs” dataset from CERT (release version r4.2). From the data, the study conceptualized “Access”, “Motivation”, and “Action” to be the key dimensions influencing “insider”, whereas “Intent”, “+Action”, “Method”, and “knowledge” are the key dimension influencing “threats”. Experimental analyses conducted by NARX within several numbers of partitions of the data point to a good detection capacity, with the greatest value of R2 coming in at 0.97. This indicates that NARX was able to detect the crucial dimension that was formulated for by the research to be the detections parameter of an inadvertent insider threat when operating under the best partition. In light of these findings, organisations can use the proposed approach to assess their preparedness for Insider attacks.

Item Type:	Article (Journal)
Subjects:	Q Science > Q Science (General) > Q300 Cybernetics
Kulliyyahs/Centres/Divisions/Institutes (Can select more than one option. Press CONTROL button):	Kulliyyah of Information and Communication Technology > Department of Computer Science Kulliyyah of Information and Communication Technology > Department of Computer Science
Depositing User:	Dr Adamu Abubakar
Date Deposited:	27 Oct 2022 09:17
Last Modified:	27 Oct 2022 09:17
URI:	http://irep.iium.edu.my/id/eprint/100839

Actions (login required)

View Item

Download Statistics

Downloads

Downloads per month over past year