Authors: A. Anju, M. Krishnamurthy
Journal: Wireless Networks (journal article, published 2024-03-10; JCR Q3, Computer Science, Information Systems)
DOI: 10.1007/s11276-024-03678-5 (https://doi.org/10.1007/s11276-024-03678-5)
M-EOS: modified-equilibrium optimization-based stacked CNN for insider threat detection
Insider threats remain a serious concern for organizations, government agencies, and businesses. The most damaging cyber attacks are often carried out by trusted insiders rather than by malicious outsiders. Malicious behavior resulting from the planned or unplanned mishandling of an organization's resources, data, networks, and systems constitutes an insider threat. It mainly originates from an individual inside the organization, a current or former employee with access to sensitive information about the organization. Unsupervised behavioral anomaly detection methods, mostly built on traditional machine learning, identify unusual or anomalous variations in user behavior. To improve on these methods, this paper proposes a Stacked Convolutional Neural Network combined with an Attentional Bi-directional Gated Recurrent Unit (CNN-Attentional BiGRU) for insider threat detection. The model uses user activity logs and user information for time-series classification. From the log files, temporal data representations and daily and weekly numerical features are learned by stacked generalization over several CNN sub-models. A model is then trained on the selected feature vectors using the CERT insider threat dataset. Combining the stacked CNN with the Attentional BiGRU lets each convolution operation incorporate richer features of the user activity logs and user data without increasing the number of network parameters, so classification performance improves at lower complexity. Non-linear time control, a chaos-based strategy, update rules, and opposition-based learning are evaluated in constructing the Modified Equilibrium Optimization (M-EO) on which the proposed stacked CNN is based. In simulation, the model achieves 92.52% accuracy, 98% precision, 95% recall, and 96% F1-score, a higher detection performance than the traditional methods.
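The abstract describes deriving daily and weekly numerical features per user from activity logs before any model sees them. The block below is an added example of that feature-extraction step and is not the authors' code: it assumes a simplified CERT-like log in which the logon, device, file and http records are merged into one (timestamp, user, pc, event) row, counts per-user activity by day and by ISO week, and scores each day against that user's own history so a practitioner can see which days a classifier would be asked to flag. The sample log, the business-hours window and the event names are constructed for the example.

```python
"""Per-user daily and weekly activity features from CERT-style activity logs.

Added example (not the authors' code) of the feature-extraction step the
abstract describes. The log layout is an assumed, simplified merge of the
CERT logon/device/file/http files into one (timestamp, user, pc, event)
record; event names follow the CERT activity values Logon/Logoff/Connect/
Disconnect, while "file" and "http" stand for one row of file.csv and
http.csv respectively.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log for one user: three ordinary working days followed
# by an after-hours session on an unfamiliar PC with a USB device and file
# activity (the pattern a CERT "data exfiltration" scenario would produce).
SAMPLE_LOG = [
    ("2010-01-04 08:05:00", "ACM2278", "PC-1", "Logon"),
    ("2010-01-04 09:10:00", "ACM2278", "PC-1", "http"),
    ("2010-01-04 17:30:00", "ACM2278", "PC-1", "Logoff"),
    ("2010-01-05 08:02:00", "ACM2278", "PC-1", "Logon"),
    ("2010-01-05 17:40:00", "ACM2278", "PC-1", "Logoff"),
    ("2010-01-06 08:00:00", "ACM2278", "PC-1", "Logon"),
    ("2010-01-06 17:35:00", "ACM2278", "PC-1", "Logoff"),
    ("2010-01-07 22:15:00", "ACM2278", "PC-9", "Logon"),
    ("2010-01-07 22:20:00", "ACM2278", "PC-9", "Connect"),
    ("2010-01-07 22:21:00", "ACM2278", "PC-9", "file"),
    ("2010-01-07 22:22:00", "ACM2278", "PC-9", "file"),
    ("2010-01-07 22:23:00", "ACM2278", "PC-9", "file"),
    ("2010-01-07 22:40:00", "ACM2278", "PC-9", "Disconnect"),
    ("2010-01-07 22:45:00", "ACM2278", "PC-9", "Logoff"),
]

WORK_START, WORK_END = 7, 19  # assumed business-hours window (hour of day)
COUNTS = ("logons", "after_hours_logons", "usb_connects", "file_events", "http_events")
FEATURES = COUNTS + ("distinct_pcs",)


def features_by(log, bucket):
    """Aggregate the log into {bucket(user, ts): feature dict}.

    bucket maps (user, datetime) to a key, so the same routine yields daily
    or weekly vectors. distinct_pcs is a set size, so it is computed per
    bucket rather than summed up from smaller buckets.
    """
    out = defaultdict(lambda: {k: 0 for k in COUNTS})
    pcs = defaultdict(set)
    for ts, user, pc, event in log:
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        key = bucket(user, t)
        f = out[key]
        pcs[key].add(pc)
        if event == "Logon":
            f["logons"] += 1
            if not WORK_START <= t.hour < WORK_END:
                f["after_hours_logons"] += 1
        elif event == "Connect":
            f["usb_connects"] += 1
        elif event == "file":
            f["file_events"] += 1
        elif event == "http":
            f["http_events"] += 1
    for key, f in out.items():
        f["distinct_pcs"] = len(pcs[key])
    return dict(out)


def daily_features(log):
    """{(user, date): features} - one vector per user-day."""
    return features_by(log, lambda user, t: (user, t.date()))


def weekly_features(log):
    """{(user, iso_year, iso_week): features} - one vector per user-week."""
    return features_by(log, lambda user, t: (user,) + tuple(t.isocalendar())[:2])


def deviation_score(daily, user, day):
    """Sum over features of |z| for the user's vector on `day` against that
    user's other days. A feature with zero spread in the history uses the raw
    difference instead, so a first-ever USB connect still registers."""
    target = daily[(user, day)]
    history = [f for (u, d), f in daily.items() if u == user and d != day]
    if not history:
        return 0.0
    score = 0.0
    for k in FEATURES:
        vals = [f[k] for f in history]
        mu, sd = mean(vals), pstdev(vals)
        diff = abs(target[k] - mu)
        score += diff / sd if sd > 0 else diff
    return score


def rank_days(daily):
    """All (score, user, date) triples, most anomalous day first."""
    ranked = [(deviation_score(daily, u, d), u, d) for (u, d) in daily]
    return sorted(ranked, reverse=True)


if __name__ == "__main__":
    daily = daily_features(SAMPLE_LOG)
    for score, user, day in rank_days(daily):
        print(f"{user} {day.isoformat()} score={score:.2f} {daily[(user, day)]}")
    for key, f in weekly_features(SAMPLE_LOG).items():
        print("week", key, f)
```

The per-user z-score is only a baseline to make the feature vectors legible; in the paper these daily and weekly vectors are what the stacked CNN sub-models consume. Scaling each feature against the same user's history, rather than across all users, is what keeps a night-shift administrator's late logons from looking like the exfiltration day above.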
Journal description:
The wireless communication revolution is bringing fundamental changes to data networking and telecommunication, and is making integrated networks a reality. By freeing the user from the cord, personal communications networks, wireless LANs, mobile radio networks and cellular systems hold the promise of fully distributed mobile computing and communications, any time, anywhere.
Focusing on the networking and user aspects of the field, Wireless Networks provides a global forum for archival-value contributions documenting these fast-growing areas of interest. The journal publishes refereed articles dealing with research, experience and management issues of wireless networks. Its aim is to allow the reader to benefit from the experience, problems and solutions described.