Jul 20, 2020

Detecting the Insider Threat with Long Short Term Memory (LSTM) Neural Networks

arXiv:2007.11956v1
Originality: Synthesis-oriented
AI Analysis

The paper addresses the practical challenge of insider-threat detection for organizations, but the contribution is incremental: it applies an existing deep learning method (LSTM networks) to a specific domain rather than introducing a new technique.

The study tackles insider-threat detection by analyzing large, unstructured electronic logs with Long Short-Term Memory (LSTM) neural networks, and demonstrates on a very large, anonymized dataset that the approach reduces the search space a security analyst must examine.

Information systems enable many organizational processes in every industry. The efficiencies and effectiveness in the use of information technologies create an unintended byproduct: misuse by existing users or somebody impersonating them, an insider threat. Detecting the insider threat may be possible if thorough analysis of electronic logs, capturing user behaviors, takes place. However, logs are usually very large and unstructured, posing significant challenges for organizations. In this study, we use deep learning, specifically Long Short-Term Memory (LSTM) recurrent networks, to enable the detection. We demonstrate through a very large, anonymized dataset how LSTM uses the sequenced nature of the data to reduce the search space and make the work of a security analyst more effective.
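The abstract describes a pipeline rather than a single model: raw log events are ordered per user, fed to a sequence model as fixed-length windows, scored for how unexpected each window is, and the users with the most surprising windows are handed to the analyst as a shortlist. The Python script below is an added illustration of that pipeline; it is not the authors' code, does not use their dataset, and its log lines are constructed. A smoothed bigram next-action model stands in for the LSTM so the script runs on the standard library alone (an assumption made here for the demo; the paper's model, features and window size are not reproduced). The shape of the data flowing through each stage is what an LSTM-based system would consume.

```python
"""Sequence-based triage of user activity logs (illustrative, not the paper's code).

raw log lines -> per-user ordered action sequences -> fixed-length windows
-> per-window surprise score -> ranked shortlist of users for an analyst.
"""
from collections import Counter, defaultdict
import math

START = "<s>"  # pseudo-token preceding the first action of every user
NORMAL = ["logon", "email", "http", "file", "logoff"]
SUSPECT = ["logon", "usb", "copy", "upload", "logoff"]


def build_sample_log():
    """Constructed sample log (not the paper's data): 'timestamp,user,action'.
    Five users, three days each; u05's third day deviates. Lines are returned
    in reverse order so that parse_log has to restore chronology."""
    lines = []
    for day in (1, 2, 3):
        for i in range(1, 6):
            user = f"u{i:02d}"
            actions = SUSPECT if (user == "u05" and day == 3) else NORMAL
            for k, act in enumerate(actions):
                lines.append(f"2020-07-{day:02d}T08:{k:02d}:00,{user},{act}")
    return lines[::-1]


def parse_log(lines):
    """Parse CSV-style lines into (timestamp, user, action) tuples, chronological."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, user, action = line.split(",")
        events.append((ts, user, action))
    events.sort()  # ISO-8601 timestamps sort lexicographically
    return events


def sequences_by_user(events):
    """Group chronological events into one ordered action list per user."""
    seqs = defaultdict(list)
    for _, user, action in events:
        seqs[user].append(action)
    return dict(seqs)


def train_bigram(sequences):
    """Add-one smoothed P(next | prev) over all users' sequences.
    Stand-in for the LSTM: trained unsupervised on everything, so the rare
    insider session barely moves the counts and stays improbable."""
    vocab = sorted({a for s in sequences for a in s})
    pair, prev_total = Counter(), Counter()
    for s in sequences:
        for prev, nxt in zip([START] + s[:-1], s):
            pair[(prev, nxt)] += 1
            prev_total[prev] += 1
    size = len(vocab)

    def prob(prev, nxt):
        return (pair[(prev, nxt)] + 1) / (prev_total[prev] + size)
    return prob


def surprise(prob, window, preceded_by):
    """Mean negative log-probability of the window's transitions."""
    total, prev = 0.0, preceded_by
    for action in window:
        total -= math.log(prob(prev, action))
        prev = action
    return total / len(window)


def window_scores(prob, seq, size):
    """Score every sliding window of `size` actions, keeping the real predecessor
    of each window as context (the fixed length mirrors a batched LSTM input)."""
    scores = []
    for start in range(max(1, len(seq) - size + 1)):
        window = seq[start:start + size]
        prev = seq[start - 1] if start > 0 else START
        scores.append(surprise(prob, window, prev))
    return scores


def rank_users(sequences, size=5, top_k=3):
    """Reduce the search space: users ordered by their most surprising window."""
    prob = train_bigram(list(sequences.values()))
    scored = {u: max(window_scores(prob, s, size)) for u, s in sequences.items()}
    return sorted(scored.items(), key=lambda kv: kv[1], reverse=True)[:top_k]


if __name__ == "__main__":
    seqs = sequences_by_user(parse_log(build_sample_log()))
    for user, score in rank_users(seqs):
        print(f"{user}: max window surprise {score:.2f}")
```

Scores are comparable only within one trained model and one window size; in practice the shortlist would be re-ranked as new log days arrive, and the per-window score can be shown to the analyst alongside the actions in that window so that the triage decision is explainable.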
