Anomaly Detection Using Deep Learning and Big Data Analytics for the Insider Threat Platform

Abstract

Insider Threat is not a new principle, with examples of trusted insiders being malicious throughout human history, from Julius Caesar to Edward Snowden. Recently, Insiders are becoming an ever-increasing threat to organisations, being among the most damaging of security breaches; as these do not originate from external factors, but from trusted employees with access to sensitive company information and systems. Establishing whether observed behavioural data is anomalous or benign is an important task; becoming an even more complex problem when combined with the big data available to an Insider Threat platform. The work presented within this research employs a data-driven approach to the analysis of large-scale time-series data generated by a large volume of users interacting with an organisation over an extended period. First, this research identified and provided a comprehensive overview of techniques currently employed by Insider Threat teams to determine possible security threats, examining the utilised approaches in comparison to current deep anomaly detection techniques. Then, these methods were utilised to implement a process of using anomaly detection and deep learning techniques for improved identification of potential Insiders.