Feature Engineering Method Using Double-Layer Hidden Markov Model for Insider Threat Detection
- Authors
- Ye, Xiaoyun; Hong, Sung-Sam; Han, Myung-Mook
- Issue Date
- Mar-2020
- Publisher
- KOREAN INST INTELLIGENT SYSTEMS
- Keywords
- Hidden Markov Model (HMM); User behavior; Insider threat; Feature engineering; Anomaly detection
- Citation
- INTERNATIONAL JOURNAL OF FUZZY LOGIC AND INTELLIGENT SYSTEMS, v.20, no.1, pp.17 - 25
- Journal Title
- INTERNATIONAL JOURNAL OF FUZZY LOGIC AND INTELLIGENT SYSTEMS
- Volume
- 20
- Number
- 1
- Start Page
- 17
- End Page
- 25
- URI
- https://scholarworks.bwise.kr/gachon/handle/2020.sw.gachon/27313
- DOI
- 10.5391/IJFIS.2020.20.1.17
- ISSN
- 1598-2645
- Abstract
- In the past, most Hidden Markov models based on time series only used the original HMM model. The single-layer models (HMMs) structure has a big problem, and it isn't straightforward to play its due role when it is necessary to make fine adjustments to the scene. So it was impossible to entirely and flexibly perform user behavior. This paper performs feature extraction and analysis of user behavior data of time series. The data labels should be added after the parameters obtained by statistical methods for clustering to obtain the first hidden state, and the layers are further layered according to working hours and outside working hours. The experimental results show that the method has strong applicability and flexibility, and can quickly detect abnormal behavior.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - IT융합대학 > 소프트웨어학과 > 1. Journal Articles
![qrcode](https://api.qrserver.com/v1/create-qr-code/?size=55x55&data=https://scholarworks.bwise.kr/gachon/handle/2020.sw.gachon/27313)
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.