Detecting insider threat within institutions using CERT dataset and different ML techniques

The reason of countries development in industrial and commercial enterprises fields in those countries. The security of a particular country depends on its security institutions, the confidentiality of its employees, their information, the target's information, and information about the forensic evidence for those targets. One of the most important and critical problems in such institutions is the problem of discovering an insider threat that causes loss, damage, or theft the information to hostile or competing parties. This threat is represented by a person who represents one of the employees of the institution, the goal of that person is to steal information or destroy it for the benefit of another institution's desires. The difficulty in detecting this type of threat is due to the difficulty of analyzing the behavior of people within the organization according to their physiological characteristics. In this research, CERT dataset that produced by the University of Carnegie Mellon University has been used in this investigation to detect insider threat. The dataset has been preprocessed. Five effective features were selected to apply three ML techniques Random Forest, Naïve Bayes, and 1 Nearest Neighbor. The results obtained and listed sequentially as 89.75917519%, 91.96650826%, and 94.68205476% with an error rate of 10.24082481%, 8.03349174%, and 5.317945236%

Ensemble strategy for insider threat detection from user activity logs

In the information era, the core business and confidential information of enterprises/organizations is stored in information systems. However, certain malicious inside network users exist hidden inside the organization; these users intentionally or unintentionally misuse the privileges of the organization to obtain sensitive information from the company. The existing approaches on insider threat detection mostly focus on monitoring, detecting, and preventing any malicious behavior generated by users within an organization’s system while ignoring the imbalanced ground-truth insider threat data impact on security. To this end, to be able to detect insider threats more effectively, a data processing tool was developed to process the detected user activity to generate information-use events, and formulated a Data Adjustment (DA) strategy to adjust the weight of the minority and majority samples. Then, an efficient ensemble strategy was utilized, which applied the extreme gradient boosting (XGBoost) model combined with the DA strategy to detect anomalous behavior. The CERT dataset was used for an insider threat to evaluate our approach, which was a real-world dataset with artificially injected insider threat events. The results demonstrated that the proposed approach can effectively detect insider threats, with an accuracy rate of 99.51% and an average recall rate of 98.16%. Compared with other classifiers, the detection performance is improved by 8.76%

Strategies for Cybercrime Prevention in Information Technology Businesses

Cybercrime continues to be a devastating phenomenon, impacting individuals and businesses across the globe. Information technology (IT) businesses need solutions to defend and secure their data and networks from cyberattacks. Grounded in general systems theory and transformational leadership theory, the purpose of this qualitative multiple case study was to explore strategies IT business leaders use to protect their systems from a cyberattack. The participants included six IT business leaders with experience in cybersecurity or system security in the Midlands region of South Carolina. Data were collected using semistructured interviews and reviews of government standards documents; data were analyzed using thematic analysis. Three themes emerged from the study: (a) cybercrime prevention strategy; (b) cybersecurity awareness, training, and education; and (c) effective leadership. A key recommendation is for IT business leaders to ensure employees are current on cybersecurity awareness and defense techniques through regular training and education, use third-party vendors that are subject matter experts where they lack talent, and develop leaders with a transformational mindset. The implications for positive social change include the potential for IT business leaders and employees to become more proactive in learning and implementing effective cybercrime prevention strategies to keep their businesses profitable and support the needs of stakeholders and clients