Deep Learning and Dempster-Shafer Theory Based Insider Threat Detection
Mobile Networks and Applications (IF 3.8), Pub Date: 2020-10-09, DOI: 10.1007/s11036-020-01656-7
Zhihong Tian, Wei Shi, Zhiyuan Tan, Jing Qiu, Yanbin Sun, Feng Jiang, Yan Liu

Organizations’ own personnel now have a greater ability than ever before to misuse their access to critical organizational assets. Insider threat detection is a key component in identifying rare anomalies in context, which is a growing concern for many organizations. Existing perimeter security mechanisms are proving to be ineffective against insider threats. As a prospective filter for human analysts, a new deep learning based insider threat detection method that uses the Dempster-Shafer theory is proposed to handle both accidental and intentional insider threats via an organization’s channels of communication in real time. The long short-term memory (LSTM) architecture together with a multi-head attention mechanism is applied in this work to detect anomalous network behavior patterns. Furthermore, belief is updated with Dempster’s conditional rule and utilized to fuse evidence to achieve enhanced prediction. The CERT Insider Threat Dataset v6.2 is used to train the behavior model. Through performance evaluation, our proposed method is proven to be effective as an insider threat detection technique.




Updated: 2020-10-11