Outlier Detection in Random Subspaces over Data Streams: An Approach for Insider Threat Detection

Diana Haidar, Mohamed Medhat Gaber

    Research output: Contribution to journalArticlepeer-review


    Insider threat detection is an emergent concern for industries and governments due to the growing number of attacks in recent years. Several Machine Learning (ML) approaches have been developed to detect insider threats, however, they still suffer from a high number of false alarms. None of those approaches addressed the insider threat problem from the perspective of stream mining data where a concept drift or an outlier is an indication of an insider threat. An outlier refers to anomalous behaviour that deviates from the normal baseline of community's behaviour and is the focus of this paper. To address the shortcoming of existing approaches and realise a novel solution to the problem, we present RandSubOut (Random Subspace Outliers) approach for insider threat detection over real-time data streaming. RandSubOut allows the detection of insider threats represented as localised outliers in random feature subspaces, which would not be detected over the whole feature space, due to dimensionality. We evaluated the presented approach as an ensemble of established distance-based outlier de tection methods, namely, Micro-cluster-based Continuous Outlier Detection (MCOD) and Anytime OUTlier detection (AnyOut), according to evaluation measures including True Positive (TP) and False Positive (FP).
    Original languageEnglish
    JournalThe Specialist Group on Artificial Intelligence Expert Update
    Issue number2
    Publication statusPublished (VoR) - 2017


    Dive into the research topics of 'Outlier Detection in Random Subspaces over Data Streams: An Approach for Insider Threat Detection'. Together they form a unique fingerprint.

    Cite this