DC Field | Value | Language |
dc.contributor.author | Peccatiello, Rafael Bruno | - |
dc.contributor.author | Gondim, João José Costa | - |
dc.contributor.author | Garcia, Luís Paulo Faina | - |
dc.date.accessioned | 2024-05-22T15:25:15Z | - |
dc.date.available | 2024-05-22T15:25:15Z | - |
dc.date.issued | 2023 | - |
dc.identifier.citation | PECCATIELLO, Rafael Bruno; GONDIM, João José Costa; GARCIA, Luís Paulo Faina. Applying one-class algorithms for data stream-based insider threat detection. IEEE Access, [S. l.], v. 11, p. 70560-70573, 2023. DOI: 10.1109/ACCESS.2023.3293825. Available at: https://ieeexplore.ieee.org/document/10177772. Accessed on: 22 May 2024. | pt_BR |
dc.identifier.uri | http://repositorio2.unb.br/jspui/handle/10482/48114 | - |
dc.language.iso | eng | pt_BR |
dc.publisher | IEEE | pt_BR |
dc.rights | Open Access | pt_BR |
dc.title | Applying one-class algorithms for data stream-based insider threat detection | pt_BR |
dc.type | Article | pt_BR |
dc.subject.keyword | Algorithms | pt_BR |
dc.subject.keyword | Cyber threats | pt_BR |
dc.subject.keyword | Data analysis | pt_BR |
dc.subject.keyword | Machine learning | pt_BR |
dc.rights.license | This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. For more information, see https://creativecommons.org/licenses/by-nc-nd/4.0/ | pt_BR |
dc.identifier.doi | 10.1109/ACCESS.2023.3293825 | pt_BR |
dc.description.abstract1 | An insider threat is anyone who has legitimate access to a particular organization’s network and uses that access to harm that organization. Insider threats may act with or without intent, but when they have an intention, they usually also have some specific motivation. This motivation can vary, including but not limited to personal discontent, financial issues, and coercion. It is hard to face insider threats with traditional security solutions because those solutions are limited to the signature detection paradigm. To overcome this restriction, researchers have proposed using Machine Learning which can address Insider Threat issues more comprehensively. Some of them have used batch learning, and others have used stream learning. Batch approaches are simpler to implement, but the problem is how to apply them in the real world. That is because real insider threat scenarios have complex characteristics to address by batch learning. Although more complex, stream approaches are more comprehensive and feasible to implement. Some studies have also used unsupervised and supervised Machine Learning techniques, but obtaining labeled samples makes it hard to implement fully supervised solutions. This study proposes a framework that combines different data science techniques to address insider threat detection. Among them are using semi-supervised and supervised machine learning, data stream analysis, and periodic retraining procedures. The algorithms used in the implementation were Isolation Forest, Elliptic Envelope, and Local Outlier Factor. This study evaluated the results according to the values obtained by the precision, recall, and F1-Score metrics. The best results were obtained by the ISOF algorithm, with 0.78 for the positive class (malign) recall and 0.80 for the negative class (benign) recall. | pt_BR |
dc.identifier.orcid | https://orcid.org/0009-0001-9075-7028 | pt_BR |
dc.identifier.orcid | https://orcid.org/0000-0002-5873-7502 | pt_BR |
dc.identifier.orcid | https://orcid.org/0000-0003-0679-9143 | pt_BR |
dc.contributor.affiliation | University of Brasília, Department of Computer Science | pt_BR |
dc.contributor.affiliation | University of Brasília, Department of Computer Science | pt_BR |
dc.contributor.affiliation | University of Brasília, Department of Computer Science | pt_BR |
dc.description.unidade | Instituto de Ciências Exatas (IE) | pt_BR |
dc.description.unidade | Departamento de Ciência da Computação (IE CIC) | pt_BR |
dc.description.ppg | Programa de Pós-Graduação em Computação Aplicada, Mestrado Profissional | pt_BR |
Appears in collections: | Articles published in journals and similar |