Classifying Insider Threat Scenarios Through Explainable Articial Intelligence

Classifying Insider Threat Scenarios Through Explainable Articial Intelligence

연구 분야: Safety

학회: International Conference on Risks and Security of Internet and Systems

Insider threats pose significant risks within network security, potentially leading to data breaches or fraud perpetrated by authorized users. Detecting these insiders is crucial, yet mere detection is insufficient without proper justification for legal actions. While existing research has primarily focused on detecting insider threats, fewer studies have addressed the classification of scenarios post-anomaly detection. This study introduces a novel approach utilizing SHapley Additive exPlanations (SHAP) values generated by an anomaly detection model to classify scenarios after detection. SHAP values, traditionally used for model explanations, are leveraged here to enhance understanding of model decisions while categorizing scenarios. The CERT dataset, tailored for insider threat research, serves as the basis for experimentation. Results demonstrate high accuracy in predicting different scenarios, showcasing SHAP values’ utility in scenario classification and providing deeper insights into model decision-making processes.