CRAINE, Feb 15, 2021

Anomaly Detection for Scenario-based Insider Activities using CGAN Augmented Data

arXiv:2102.07277v2, 17 citations
AI Analysis

This work addresses insider threat detection, a critical cybersecurity problem for organizations, but it is incremental as it applies existing CGAN and deep learning techniques to a known data imbalance issue in this domain.

The paper tackles insider threat detection by addressing data imbalance through a Conditional GAN (CGAN) to generate synthetic minority class samples, enabling multi-class anomaly detection with deep learning. The approach demonstrates effectiveness on a benchmark dataset, showing improved performance compared to existing methods across various metrics.

Insider threats are cyber attacks from within the trusted entities of an organization. A lack of real-world data and the issue of data imbalance leave insider threat analysis an understudied research area. To mitigate the effect of skewed class distribution and prove the potential of multinomial classification algorithms for insider threat detection, we propose an approach that combines a generative model with supervised learning to perform multi-class classification using deep learning. The generative adversarial network (GAN) based insider detection model introduces a Conditional Generative Adversarial Network (CGAN) to enrich minority class samples to provide data for multi-class anomaly detection. The comprehensive experiments performed on the benchmark dataset demonstrate the effectiveness of introducing GAN-derived synthetic data and the capability of multi-class anomaly detection in insider activity analysis. Moreover, the method is compared with other existing methods against different parameters and performance metrics.
