Insider Attacker Detection Using Light Gradient Boosting Machine

Organizations security suffer from the insider attacker, which is an employee (person) with an authorized access to resources and data of an organization then used the access to harm the organization. In reality, the number of malicious events is very small in relation to the number of normal events of the employee, so it was necessary to use a method that accurately characterized this number of harmful behaviors. Several previous studies used complex methods such as deep learning to solve this problem. In this paper, we used a simpler and faster solution that gave accurate results, where an intelligent approach for detecting insider attacker using Light Gradient Boosting Machine (LightGBM) applied, the cert r4.2 data set used to build and evaluate the model. The results showed the model’s ability to distinguish malicious events from data set in its original unbalanced state with accuracy 99.47%.