LIME-Enhanced Insider Threat Detection for Distributed Security Systems
摘要
Insider threats pose critical challenges in cybersecurity, with traditional machine learning approaches suffering from high false positive rates and a lack of interpretability that limit operational effectiveness. This study presents a LIME-enhanced insider threat detection framework that integrates local interpretable explanations with reclassification mechanisms to improve both accuracy and decision transparency. Using the CMU CERT v6.2 dataset, we implemented a systematic comparison between baseline XGBoost detection and LIME-enhanced reclassification across 50 strategically selected cases via our ResearchCaseSelector algorithm. The baseline system achieved 80% accuracy but generated excessive false alerts, limiting practical deployment. Our LIME-driven approach demonstrated statistically significant improvements: 14% accuracy increase (80.0% to 94.0%) and 50% false positive reduction, with complete elimination of false negatives. Statistical validation confirmed significance (p = 0.0068, Cohen’s d = 0.399) with 14% intervention rate demonstrating operational feasibility. Large-scale experimental validation across 316,250 test instances establishes computational scalability suitable for enterprise security environments. These results provide empirical evidence for deploying explainable AI-enhanced cybersecurity systems in operational contexts requiring both high accuracy and interpretable decision-making.