A novel deep synthesis-based insider intrusion detection (DS-IID) model for malicious insiders and AI-generated threats

Kotb, Hazem M.; Gaber, Tarek; AlJanah, Salem; Zawbaa, Hossam M.; Alkhathami, Mohammed



Authors

Hazem M. Kotb

Tarek Gaber

Salem AlJanah

Hossam M. Zawbaa

Mohammed Alkhathami



Abstract

Insider threats pose a significant challenge to IT security, particularly with the rise of generative AI technologies, which can create convincing fake user profiles and mimic legitimate behaviors. Traditional intrusion detection systems struggle to differentiate between real and AI-generated activities, creating vulnerabilities in detecting malicious insiders. To address this challenge, this paper introduces a novel Deep Synthesis Insider Intrusion Detection (DS-IID) model. The model employs deep feature synthesis to automatically generate detailed user profiles from event data and utilizes binary deep learning for accurate threat identification. The DS-IID model addresses three key issues: it (i) detects malicious insiders using supervised learning, (ii) evaluates the effectiveness of generative algorithms in replicating real user profiles, and (iii) distinguishes between real and synthetic abnormal user profiles. To handle imbalanced data, the model uses on-the-fly weighted random sampling. Tested on the CERT insider threat dataset, the DS-IID achieved 97% accuracy and an AUC of 0.99. Moreover, the model demonstrates strong performance in differentiating real from AI-generated (synthetic) threats, achieving over 99% accuracy on optimally generated data. While primarily evaluated on synthetic datasets, the high accuracy of the DS-IID model suggests its potential as a valuable tool for real-world cybersecurity applications.

Citation

Kotb, H. M., Gaber, T., AlJanah, S., Zawbaa, H. M., & Alkhathami, M. (2025). A novel deep synthesis-based insider intrusion detection (DS-IID) model for malicious insiders and AI-generated threats. Scientific Reports, 15, Article 207. https://doi.org/10.1038/s41598-024-84673-w

Journal Article Type: Article
Acceptance Date: Dec 25, 2024
Online Publication Date: Jan 2, 2025
Publication Date: Jan 2, 2025
Deposit Date: Jan 10, 2025
Publicly Available Date: Jan 10, 2025
Journal: Scientific Reports
Publisher: Nature Publishing Group
Peer Reviewed: Peer Reviewed
Volume: 15
Article Number: 207
DOI: https://doi.org/10.1038/s41598-024-84673-w
