Hidden Markov Model For Insider Threat Detection

--

One of the most difficult cybersecurity threats to detect is the insider threat, especially when it relates to fraud. Normally we detect changes in behaviour and identify the key signs of someone committing an insider attack. For this, we might gather data on email traffic, remote access traffic, work patterns, and so on. From this data we can make observations, and from those observations infer particular (hidden) states; these states can then be matched against indicator patterns of behaviour.
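The idea above, as an added example that is not from the original post: a toy Hidden Markov Model whose hidden states are "normal" and "suspicious", whose observations are coarse daily labels derived from email and remote-access telemetry, and whose Viterbi decoding returns the most likely state sequence for a user. The state names, observation symbols and all probabilities are constructed for illustration, not learned from data.

```python
import math

# Hidden states an analyst wants to infer for a user on a given day, and
# coarse observation symbols derived from that day's telemetry (email volume,
# remote-access logins, working hours). Symbols and probabilities are
# constructed for illustration, not learned from real data.
STATES = ("normal", "suspicious")
START = {"normal": 0.95, "suspicious": 0.05}
TRANS = {
    "normal":     {"normal": 0.90, "suspicious": 0.10},
    "suspicious": {"normal": 0.20, "suspicious": 0.80},
}
EMIT = {
    "normal":     {"routine": 0.85, "after_hours_remote": 0.10, "bulk_email": 0.05},
    "suspicious": {"routine": 0.30, "after_hours_remote": 0.35, "bulk_email": 0.35},
}


def viterbi(obs, states=STATES, start=START, trans=TRANS, emit=EMIT):
    """Return (most likely hidden-state path, its log-probability)."""
    if not obs:
        return [], 0.0
    lg = math.log  # log space keeps long sequences from underflowing
    # delta[t][s]: best log-prob of any path ending in state s on day t
    delta = [{s: lg(start[s]) + lg(emit[s][obs[0]]) for s in states}]
    back = [{}]  # back[t][s]: predecessor of s on that best path
    for t in range(1, len(obs)):
        delta.append({})
        back.append({})
        for s in states:
            prev = max(states, key=lambda p: delta[t - 1][p] + lg(trans[p][s]))
            delta[t][s] = delta[t - 1][prev] + lg(trans[prev][s]) + lg(emit[s][obs[t]])
            back[t][s] = prev
    last = max(states, key=lambda s: delta[-1][s])
    path = [last]
    for t in range(len(obs) - 1, 0, -1):  # backtrack from the best final state
        path.append(back[t][path[-1]])
    path.reverse()
    return path, delta[-1][last]


def flag_days(obs):
    """Indices of days whose decoded hidden state is 'suspicious'."""
    path, _ = viterbi(obs)
    return [i for i, s in enumerate(path) if s == "suspicious"]


# Constructed two-week sequence for one user: three anomalous days in a row.
SAMPLE = ["routine"] * 5 + ["after_hours_remote", "bulk_email",
                            "after_hours_remote"] + ["routine"] * 6
```

Because the transition to "suspicious" is costly, a single after-hours login surrounded by routine days decodes as "normal", while the three-day run in SAMPLE is flagged as days 5 to 7.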

ML and insider threat detection

Machine Learning (ML) often involves two main phases, training and testing, with a common set of steps: first, the features and classes within the training data set are defined. Next, a subset of attributes is selected for classification, and a learning model is applied to the training data. With the learning model, the rest of the data is then fitted back and the success rate determined. The basic process we have in applying machine learning to cyber security is:

  • Information sources. This involves defining the sources of information required to capture the right data.
  • Data capturing tools. This involves creating the software agents required to collect that data.
  • Data pre-processing…

--

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice