<p>Maintaining trust among employees, employers, and institutions is fundamental to business and research, yet the rise of always-online digital systems and expanding workforces poses new risks to operational integrity. Fluctuating work environments, evolving motivations, and gaps in training can leave organizations vulnerable to insider threats, including inadvertent data leaks and intentional exfiltration. In this study, an investigation of natural language processing (NLP) methods applied to HTTP activity logs to identify potential insider threats through behavioral patterns is conducted. Two experiments were conducted using TF-IDF and Word2Vec text representations, each combined with an XGBoost classifier whose hyperparameters were optimized using a newly proposed iteration stagnation-aware variable neighborhood search (ISAVNS) metaheuristic. The ISAVNS introduces a stagnation-detection mechanism that enables adaptive recovery during optimization, improving exploration and convergence stability. Evaluation on publicly available insider-threat datasets confirmed the high effectiveness of the proposed framework, with the TF-IDF-based model reaching an accuracy of 97.63% and the Word2Vec-based counterpart attaining 97.71%.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Applying metaheuristic optimization for insider-threat detection using natural language processing

  • Tamara Zivkovic,
  • Miodrag Zivkovic,
  • Luka Jovanovic,
  • Vladimir Simic,
  • Branislav Radomirovic,
  • Toufik Mzili,
  • Vico Zeljkovic,
  • Nebojsa Bacanin

摘要

Maintaining trust among employees, employers, and institutions is fundamental to business and research, yet the rise of always-online digital systems and expanding workforces poses new risks to operational integrity. Fluctuating work environments, evolving motivations, and gaps in training can leave organizations vulnerable to insider threats, including inadvertent data leaks and intentional exfiltration. In this study, an investigation of natural language processing (NLP) methods applied to HTTP activity logs to identify potential insider threats through behavioral patterns is conducted. Two experiments were conducted using TF-IDF and Word2Vec text representations, each combined with an XGBoost classifier whose hyperparameters were optimized using a newly proposed iteration stagnation-aware variable neighborhood search (ISAVNS) metaheuristic. The ISAVNS introduces a stagnation-detection mechanism that enables adaptive recovery during optimization, improving exploration and convergence stability. Evaluation on publicly available insider-threat datasets confirmed the high effectiveness of the proposed framework, with the TF-IDF-based model reaching an accuracy of 97.63% and the Word2Vec-based counterpart attaining 97.71%.