LSTM Autoencoder-Based Insider Abnormal Behavior Detection Using De-Identified Data

Seo-Yi Kim, Il-Gu Lee, Il-Gu Lee

2024

Abstract

Leakages of national core technologies and industrial secrets have occurred frequently in recent years. Unfortunately, because most of the subjects of confidential data leaks are IT managers, executives, and employees who have easy access to confidential information, more sophisticated theft is possible, and there is a risk of large-scale data leakage incidents. Insider behavior monitoring is being conducted to prevent confidential data leaks, but there is a problem with personal information being collected indiscriminately during this process. This paper proposes a security solution that protects personal privacy through a process of de-identifying data, while maintaining detection performance in monitoring insider aberrations. In the abnormal behavior detection process, a long short-term memory (LSTM) autoencoder was used. To prove the effectiveness of the proposed method, de-identification evaluation and abnormal behavior detection performance comparison experiments were conducted. According to the experimental results, there was no degradation in detection performance even when data was de-identified. Furthermore, the average re-identification probability was approximately 1.2%, whereas the attack success probability was approximately 0.2%, proving that the proposed de-identification method resulted in low possibility of re-identification and good data safety.

Download


Paper Citation


in Harvard Style

Kim S. and Lee I. (2024). LSTM Autoencoder-Based Insider Abnormal Behavior Detection Using De-Identified Data. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-683-5, SciTePress, pages 609-620. DOI: 10.5220/0012458000003648


in Bibtex Style

@conference{icissp24,
author={Seo-Yi Kim and Il-Gu Lee},
title={LSTM Autoencoder-Based Insider Abnormal Behavior Detection Using De-Identified Data},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2024},
pages={609-620},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012458000003648},
isbn={978-989-758-683-5},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - LSTM Autoencoder-Based Insider Abnormal Behavior Detection Using De-Identified Data
SN - 978-989-758-683-5
AU - Kim S.
AU - Lee I.
PY - 2024
SP - 609
EP - 620
DO - 10.5220/0012458000003648
PB - SciTePress