Enhancing Insider Threat Detection in Imbalanced Cybersecurity Settings Using the Density-Based Local Outlier Factor Algorithm

Taher Ali Al-Shehari; Domenico Rosaci; Muna Al-Razgan; Taha Alfakih; Mohammed Kadrie; Hammad Afzal; Raheel Nawaz

doi:10.1109/ACCESS.2024.3373694

IEEE Access (Jan 2024)

Enhancing Insider Threat Detection in Imbalanced Cybersecurity Settings Using the Density-Based Local Outlier Factor Algorithm

Taher Ali Al-Shehari,
Domenico Rosaci,
Muna Al-Razgan,
Taha Alfakih,
Mohammed Kadrie,
Hammad Afzal,
Raheel Nawaz

Affiliations

Taher Ali Al-Shehari: ORCiD; Department of Self-Development Skill, Common First Year Deanship, King Saud University, Riyadh, Saudi Arabia
Domenico Rosaci: ORCiD; Department of Information Engineering, Infrastructure and Sustainable Energy (DIIES), Mediterranea University of Reggio Calabria, Reggio Calabria, Italy
Muna Al-Razgan: ORCiD; Department of Software Engineering, College of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia
Taha Alfakih: ORCiD; Department of Information Systems, College of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia
Mohammed Kadrie: Department of Self-Development Skill, Common First Year Deanship, King Saud University, Riyadh, Saudi Arabia
Hammad Afzal: ORCiD; National University of Sciences and Technology, Islamabad, Pakistan
Raheel Nawaz: ORCiD; Executive Group, Staffordshire University, Stoke-on-Trent, U.K.

DOI: https://doi.org/10.1109/ACCESS.2024.3373694
Journal volume & issue: Vol. 12
pp. 34820 – 34834

Abstract

Read online

In today’s interconnected world, cybersecurity has emerged as a critical domain for ensuring the integrity, confidentiality, and availability of digital assets. Within this sphere, insider threats represent a unique and particularly insidious class of security risks, originating not from external hackers but from within the organization itself. These threats are perpetrated by individuals with inside information concerning the organization’s security practices, data, and computer systems. Traditional security measures like firewalls, intrusion detection systems, and antivirus software are often inadequate for tackling insider threats effectively, owing to their focus on external threats. This inadequacy underscores the urgent need for the development and implementation of more sophisticated, targeted detection techniques for insider threats. In response to this challenge, our research introduces an innovative approach that employs the Density-Based Local Outlier Factor (DBLOF) algorithm, fine-tuned to specifically tackle the challenges posed by the imbalanced nature of the CERT r4.2 insider threat dataset. This dataset is characterized by a highly skewed distribution, with a significant majority of benign instances and only a minimal proportion of malicious activities. Conventional detection algorithms often fail to effectively identify these rare but dangerous instances, leading to a high rate of false negatives. Our methodology capitalizes on the algorithm’s ability to focus on the local density deviation of data points, thereby enabling the precise identification of outliers that are indicative of potential insider threats. Through rigorous testing and validation processes, we have achieved outstanding results, with an of F-score 98%. These remarkable outcomes not only affirm the effectiveness of the DBLOF algorithm as a powerful tool for combating insider threats but also contribute valuable insights to the broader academic and professional discourse on cybersecurity. Importantly, our findings have practical implications, offering organizations actionable recommendations for boosting their internal security mechanisms against the complex and evolving landscape of insider threats.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords