Research on insider threat detection based on personalized federated learning and behavior log analysis.
Journal: Scientific Reports
Published Date: Jun 1, 2025
Abstract
As the cybersecurity landscape becomes increasingly challenging, insider threat detection has emerged as a critical research area. Traditional methods for detecting insider threats, such as Random Forest and Isolation Forest, suffer from high computational resource consumption, poor feature representation, and sensitivity to noise. While machine learning methods offer certain advantages, they still face challenges in complex data scenarios. This study focuses on the application of Federated Learning (FL) in insider threat detection. As a distributed machine learning framework, FL enables collaborative model building and analysis while safeguarding data privacy. It encompasses various types, including horizontal, vertical, and federated transfer learning. However, its application in insider threat detection remains limited. This research proposes an innovative solution to address the shortcomings of existing Federated Learning-based detection methods (e.g., FedAT), such as insufficient feature extraction and high resource consumption. Drawing on the DeepInsight concept, we convert different data types into image formats for use with Convolutional Neural Networks (CNNs) to train insider threat detection models. This approach leverages the advantages of FL's privacy protection and multi-source data integration while harnessing the powerful feature learning capabilities of CNNs. It improves key metrics such as accuracy and recall in insider threat detection. The proposed method offers a more efficient and precise approach to detecting insider threats in cybersecurity, advancing the development and practical application of relevant technologies in this field with significant theoretical and practical implications.