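% Conference paper from IFIP SEC 2021: an evaluation of anomaly-detection models
% and majority-voting ensembles for insider-threat detection on the CERT dataset.
% Citation key is the exporter-generated identifier; kept unchanged so existing \cite commands resolve.
% NOTE(review): address holds a country rather than the publisher's city, and no volume
% is recorded for the series - confirm both against the publisher record.
% NOTE(review): day is not a standard BibTeX field and is ignored by the standard styles.
@inproceedings{a0c78281d5a44f94a09800641a4cad8c,
  author    = {Bartoszewski, Filip and Just, Mike and Lones, Michael Adam and Mandrychenko, Oleksii},
  title     = {Anomaly Detection for Insider Threats: An Objective Comparison of Machine Learning Models and Ensembles},
  editor    = {J{\o}sang, Audun and Futcher, Lynn and Hagen, Janne},
  booktitle = {{ICT} Systems Security and Privacy Protection. {SEC} 2021},
  series    = {{IFIP} Advances in Information and Communication Technology},
  publisher = {Springer},
  address   = {United States},
  pages     = {367--381},
  year      = {2021},
  month     = jun,
  day       = {15},
  doi       = {10.1007/978-3-030-78120-0_24},
  isbn      = {9783030781194},
  language  = {English},
  keywords  = {Anomaly detection, Ensembles, Insider threat, Machine learning},
  abstract  = {Insider threat detection is challenging due to the wide variety of possible attacks and the limited availability of real threat data for testing. Most previous anomaly detection studies have relied on synthetic threat data, such as the CERT insider threat dataset. However, several previous studies have used models that arguably introduce bias, such as the selective use of metrics, and reusing the same dataset with the prior knowledge of the answer labels. In this paper, we create and test a host of models following some guidelines of good conduct to produce what we believe to be a more objective comparison of these models. Our results indicate that majority voting ensembles are a simple and cost-effective way of boosting the quality of results from individual machine learning models, both on the CERT data and on a version augmented with additional attacks. We include a comparison of models with their hyperparameters optimized for different target metrics.},
  note      = {Funding Information: Supported by The Datalab, https://www.thedatalab.com/. Publisher Copyright: {\textcopyright} 2021, IFIP International Federation for Information Processing.; 36th IFIP TC 11 International Conference 2021, SEC 2021 ; Conference date: 22-06-2021 Through 24-06-2021},
}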