HSML-ITD: HYBRID SUPERVISED MACHINE LEARNING FRAMEWORK FOR INSIDER THREAT DETECTION

Authors

  • VICTOR OSASU EGUAVOEN, Department of Computer Science, Wellspring University, Edo State, Nigeria.
  • EMMANUEL NWELIH, Department of Computer Science, University of Benin, Edo State, Nigeria.

DOI:

https://doi.org/10.55197/qjoest.v6i1.202

Keywords:

insider threat detection, hybrid machine learning, Support Vector Machine (SVM), Adaptive Neuro-Fuzzy Inference System (ANFIS), cybersecurity

Abstract

The digital transformation driven by Information and Communication Technology (ICT) has amplified data accessibility and operational efficiency across organizations. However, it has also escalated cybersecurity vulnerabilities, with insider threats emerging as a critical concern. Traditional detection methods often fail to address the sophisticated and evolving nature of these threats, necessitating advanced solutions. This study proposes the Hybrid Supervised Machine Learning Framework for Insider Threat Detection (HSML-ITD), integrating Support Vector Machines (SVM) for initial data classification and Adaptive Neuro-Fuzzy Inference Systems (ANFIS) for predictive learning. The model aims to enhance detection accuracy, reduce false positives, and provide a robust mechanism for insider threat mitigation. The framework was developed using the CERT insider threat dataset, with a structured methodology comprising data preprocessing, SVM-based classification, and ANFIS-based predictive learning. Performance was evaluated using a 5-fold cross-validation technique and comparative analyses with conventional models were conducted to validate the hybrid approach. The HSML-ITD demonstrated superior performance, achieving an accuracy of 92%, precision of 93%, recall of 89%, and F1-Score of 91%. Comparative analysis revealed significant improvements over standalone models, particularly in handling noisy data and high-dimensional input spaces. The hybrid model effectively balanced prediction accuracy and robustness, addressing limitations of conventional methods. The HSML-ITD offers a scalable and accurate solution for insider threat detection, significantly enhancing organizational cybersecurity. Future research will focus on incorporating real-time detection capabilities, optimizing computational efficiency, and expanding validation across diverse datasets. By addressing these aspects, the model can further solidify its applicability in dynamic threat environments.

Published

2025-03-17

Section

Articles

How to Cite

HSML-ITD: HYBRID SUPERVISED MACHINE LEARNING FRAMEWORK FOR INSIDER THREAT DETECTION. (2025). Quantum Journal of Engineering, Science and Technology, 6(1), 100-110. https://doi.org/10.55197/qjoest.v6i1.202