Social network malicious insider detection using time-based trust evaluation

Abstract

In recent years, malicious insider attacks have become a common fraudulent activity in which an attacker is often perceived as a trusted entity in Social Networks (SNs). At present, machine learning (ML) approaches are widely used to identify the behavior of users in the network. From this perspective, this paper presents an integrated approach, namely, Social network malicious insider detection (SID), which consists of long short-term memory (LSTM) and time-based trust evaluation (TBTE). The proposed SID aims to identify deviations in SN user behavior by monitoring their data. The proposed SID uses LSTM, an advanced version of the recurrent neural network (RNN), which precisely predicts the behavior of users and identifies the anomaly pattern in SNs. A time-based trust evaluation method is integrated with LSTM, which not only differentiates the abnormal behavior of SN users but also precisely categorizes an anomaly node as a malicious node, a new user or a broken node. Moreover, the proposed SID detects insiders accurately and reduces false alarms by providing a novel quantitative analysis for computing the balancing factor according to time, which avoids the misinterpretation of normal user patterns as anomalies. The performance of the proposed SID is evaluated in real time, which demonstrates that the detection accuracy for attacks is 96% for normal users and 98% for new users with a smaller time span.