This research paper explores the use of Generative Adversarial Networks (GANs) to synthetically generate insider threat scenarios. Insider threats pose significant risks to IT infrastructures, requiring effective detection and mitigation strategies. By training GAN models on historical insider threat data, synthetic scenarios resembling real-world incidents can be generated, including various tactics and procedures employed by insiders. The paper discusses the benefits, challenges, and ethical considerations associated with using GAN-generated data. The findings highlight the potential of GANs in enhancing insider threat detection and response capabilities, empowering organizations to fortify their defenses and proactively mitigate risks posed by internal actors.