A novel deep synthesis-based insider intrusion detection (DS-IID) model for malicious insiders and AI-generated threats
Abstract Insider threats pose a significant challenge to IT security, particularly with the rise of generative AI technologies, which can create convincing fake user profiles and mimic legitimate behaviors. Traditional intrusion detection systems struggle to differentiate between real and AI-generat...
Main Authors: | Hazem M. Kotb, Tarek Gaber, Salem AlJanah, Hossam M. Zawbaa, Mohammed Alkhathami |
---|---|
Format: | Article |
Language: | English |
Published: | Nature Portfolio, 2025-01-01 |
Series: | Scientific Reports |
Online Access: | https://doi.org/10.1038/s41598-024-84673-w |
_version_ | 1841559620806508544 |
---|---|
author | Hazem M. Kotb Tarek Gaber Salem AlJanah Hossam M. Zawbaa Mohammed Alkhathami |
author_sort | Hazem M. Kotb |
collection | DOAJ |
description | Abstract Insider threats pose a significant challenge to IT security, particularly with the rise of generative AI technologies, which can create convincing fake user profiles and mimic legitimate behaviors. Traditional intrusion detection systems struggle to differentiate between real and AI-generated activities, creating vulnerabilities in detecting malicious insiders. To address this challenge, this paper introduces a novel Deep Synthesis Insider Intrusion Detection (DS-IID) model. The model employs deep feature synthesis to automatically generate detailed user profiles from event data and utilizes binary deep learning for accurate threat identification. The DS-IID model addresses three key issues: it (i) detects malicious insiders using supervised learning, (ii) evaluates the effectiveness of generative algorithms in replicating real user profiles, and (iii) distinguishes between real and synthetic abnormal user profiles. To handle imbalanced data, the model uses on-the-fly weighted random sampling. Tested on the CERT insider threat dataset, the DS-IID achieved 97% accuracy and an AUC of 0.99. Moreover, the model demonstrates strong performance in differentiating real from AI-generated (synthetic) threats, achieving over 99% accuracy on optimally generated data. While primarily evaluated on synthetic datasets, the high accuracy of the DS-IID model suggests its potential as a valuable tool for real-world cybersecurity applications. |
format | Article |
id | doaj-art-bb0ed3ef4b3a4ceeba78ba8dcaf4a653 |
institution | Kabale University |
issn | 2045-2322 |
language | English |
publishDate | 2025-01-01 |
publisher | Nature Portfolio |
record_format | Article |
series | Scientific Reports |
spelling | doaj-art-bb0ed3ef4b3a4ceeba78ba8dcaf4a653; 2025-01-05T12:20:25Z; eng; Nature Portfolio; Scientific Reports; 2045-2322; 2025-01-01; 151114; 10.1038/s41598-024-84673-w; A novel deep synthesis-based insider intrusion detection (DS-IID) model for malicious insiders and AI-generated threats; Hazem M. Kotb (The Institute of Cancer Research); Tarek Gaber (School of Science, Engineering, and Environment, University of Salford); Salem AlJanah (College of Computer and Information Sciences, Imam Mohammad Ibn Saud Islamic University (IMSIU)); Hossam M. Zawbaa (Faculty of Computers and Artificial Intelligence, Beni-Suef University); Mohammed Alkhathami (College of Computer and Information Sciences, Imam Mohammad Ibn Saud Islamic University (IMSIU)); https://doi.org/10.1038/s41598-024-84673-w |
title | A novel deep synthesis-based insider intrusion detection (DS-IID) model for malicious insiders and AI-generated threats |
url | https://doi.org/10.1038/s41598-024-84673-w |