An Intelligent Insider Threat Detection using ML Techniques / (Record no. 615833)
| 000 -LEADER | |
|---|---|
| fixed length control field | 04122nam a22001697a 4500 |
| 003 - CONTROL NUMBER IDENTIFIER | |
| control field | NUST |
| 082 ## - DEWEY DECIMAL CLASSIFICATION NUMBER | |
| Classification number | 005.8,JAN |
| 100 ## - MAIN ENTRY--PERSONAL NAME | |
| Personal name | Nawaz Janjua, Muhammad Faisal |
| 9 (RLIN) | 132795 |
| 245 ## - TITLE STATEMENT | |
| Title | An Intelligent Insider Threat Detection using ML Techniques / |
| Statement of responsibility, etc. | Muhammad Faisal Nawaz Janjua |
| 260 ## - PUBLICATION, DISTRIBUTION, ETC. | |
| Place of publication, distribution, etc. | Rawalpindi, |
| Name of publisher, distributor, etc. | MCS (NUST), |
| Date of publication, distribution, etc. | November 2021 |
| 300 ## - PHYSICAL DESCRIPTION | |
| Extent | xviii, 128 p |
| 505 ## - FORMATTED CONTENTS NOTE | |
| Formatted contents note | An organization's data confidentiality, even with strong cryptographic primitives, is primarily threatened not by extramural elements but from within the organizational boundaries, i.e. insider attacks. These result in a breach of the confidentiality, integrity and availability of the organization's assets. Insider Threat caused by malicious abuse of authority has exceeded the traditional Trojan attacks and has become the main threat to organizations. Therefore, detection of and prevention from Insider Threat is a real challenge due to the enormous raw data. This issue has been dealt with by the research community through machine learning techniques for the past few years. In the absence of a carefully crafted middle ground, an employee, although provided access to effectively perform his/her duty, is able to wreak scaled havoc. This in turn hampers organizational productivity and forces the organization to shift its focus. Therefore, it is necessary to carefully design the access architecture and a system bounded by the ultimate cherry-on-top to mitigate such attacks.<br/>In this dissertation, we address this critical issue of Insider Threat through comprehensive machine learning based frameworks. We present four different machine learning-based frameworks that aim to thwart Insider Attacks through multi-dimensional user information by including user logs, emails and psychometric features. Our first machine learning based framework, named Supervised Stacked Model (S2M), is tailored towards reporting the class imbalance problem. Multiple low variance filters were tried, followed by correlation filters on the output data. As part of this framework, we propose a hybrid ensemble S2M that correctly classifies and differentiates the insider samples from normal activities. Vertical and horizontal resampling techniques were applied and tested on the resampled dataset. The proposed solution is tested on the CERT 4.2 dataset, which has normal and malicious activities of 1000 users recorded for the years 2010 to 2011 with more than 31M records. Our second framework, named Dynamic Weighted-Voting Ensemble (DWvEn), is an ensemble model established on the weighted-voting approach for Insider Threat detection. We have brought together the feature engineering methods and ensemble learners that amicably classify the majority of malicious activities. Our proposed framework dynamically assigns weights to base learners predicted on their competency. We evaluated DWvEn on the substantial and largest publicly available datasets, CERT 4.2 and CERT 6.2, by using multiple pre-processing and feature engineering techniques. As part of our email-based frameworks, we have applied semi-supervised machine learning taxonomy on the valuable collection of the Enron corpus and TWOS datasets for the identification of unlabeled malicious emails and for handling the overfitting issue in small datasets, respectively. The former research is devoted to "traitor detection", which has remained very restricted as compared to "masquerader detection". In this research, class label identification is done through a clustering algorithm and prediction of malicious emails is carried out by using multiple Machine Learning Classifiers. The frameworks and methodologies presented in this dissertation can assist a broad spectrum of organizations in attenuating Insider Threats. Conclusively, this thesis presents a comprehensive Intelligent Framework for effective classification of Insider Threats, and it is essential to have multiple models/frameworks depending on the type of datasets being handled. |
| 650 ## - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name entry element | PhD Information Security Thesis |
| 9 (RLIN) | 132793 |
| 651 ## - SUBJECT ADDED ENTRY--GEOGRAPHIC NAME | |
| Geographic name | PhD IS Thesis |
| 9 (RLIN) | 132794 |
| 700 ## - ADDED ENTRY--PERSONAL NAME | |
| Personal name | Supervised by Dr. Asif Masood |
| 9 (RLIN) | 132796 |
| 942 ## - ADDED ENTRY ELEMENTS (KOHA) | |
| Source of classification or shelving scheme | |
| Koha item type | Thesis |
| Withdrawn status | Lost status | Source of classification or shelving scheme | Damaged status | Not for loan | Permanent Location | Current Location | Shelving location | Date acquired | Total Checkouts | Full call number | Barcode | Date last seen | Price effective from | Koha item type | Public note |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | | | | | Military College of Signals (MCS) | Military College of Signals (MCS) | Thesis | 01/17/2026 | | 005.8,JAN | MCSPhD IS-08 | 01/17/2026 | 01/17/2026 | Thesis | Almirah No.68, Shelf No.5 |
