A Novel Approach for Recognizing and Eliminating Escalation Attack Using AI Techniques
摘要
The recent exponential increase in attack frequency and complexity has led to significant cybersecurity issues arising from the development of smart products. Despite the significant advancements that cloud computing has brought to the business sector, the centralization of this technology may provide challenges when it comes to using dispersed services such as security systems. Valuable data breaches may occur because of the substantial volume of data sent between organizations and cloud service providers, whether intentionally or unintentionally. The malevolent insider poses a critical danger to the company due to their heightened access and increased opportunities to do substantial harm. Insiders have exclusive and authorized access to information and resources, unlike others who are not part of the group. This study presents a machine learning system that detects and categorizes insider threats. The system finds abnormal events that may indicate anomalies and security issues related to privilege escalation. Several researches have been conducted on the detection of abnormalities and vulnerabilities in network systems to identify security defects or risks related to privilege escalation. However, many investigations lack the accurate identification of the assaults. This research assesses the performance of four machine learning algorithms, namely RF (Random Forest), AB(AdaBoost), XGB(XGBoost), and LGB(LightGBM), in classifying insider attacks. The evaluation is conducted using a bespoke dataset derived from various files of the CERT dataset. The findings indicate that LGB exhibits the best level of accuracy, although other algorithms like RF or AB provide superior performance in some internal attack scenarios. Utilizing various machine learning algorithms may provide a more robust categorization for detecting numerous internal threats.