{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T22:45:20Z","timestamp":1771022720802,"version":"3.50.1"},"reference-count":34,"publisher":"IGI Global","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,4]]},"abstract":"<jats:p>An insider threat can take on many forms and fall under different categories. This includes malicious insider, careless\/unaware\/uneducated\/na\u00efve employee, and the third-party contractor. Machine learning techniques have been studied in published literature as a promising solution for such threats. However, they can be biased and\/or inaccurate when the associated dataset is hugely imbalanced. Therefore, this article addresses the insider threat detection on an extremely imbalanced dataset which includes employing a popular balancing technique known as spread subsample. The results show that although balancing the dataset using this technique did not improve performance metrics, it did improve the time taken to build the model and the time taken to test the model. Additionally, the authors realised that running the chosen classifiers with parameters other than the default ones has an impact on both balanced and imbalanced scenarios, but the impact is significantly stronger when using the imbalanced dataset.<\/jats:p>","DOI":"10.4018\/ijcwt.2020040101","type":"journal-article","created":{"date-parts":[[2020,3,6]],"date-time":"2020-03-06T15:56:47Z","timestamp":1583510207000},"page":"1-26","source":"Crossref","is-referenced-by-count":28,"title":["Insider Threat Detection Using Supervised Machine Learning Algorithms on an Extremely Imbalanced Dataset"],"prefix":"10.4018","volume":"10","author":[{"given":"Naghmeh Moradpoor","family":"Sheykhkanloo","sequence":"first","affiliation":[{"name":"Edinburgh Napier University, Edinburgh, UK"}]},{"given":"Adam","family":"Hall","sequence":"additional","affiliation":[{"name":"Edinburgh Napier University, Edinburgh, UK"}]}],"member":"2432","reference":[{"key":"IJCWT.2020040101-0","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2016.2558507"},{"key":"IJCWT.2020040101-1","unstructured":"Bradley, N., Alvarez, M., Kuhn, J., & McMillen, D. (2015). IBM 2015 Cyber Security Intelligence Index."},{"key":"IJCWT.2020040101-2","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2494502"},{"key":"IJCWT.2020040101-3","author":"E.Cole","year":"2017","journal-title":"Defending Against the Wrong Enemy: 2017 SANS Insider Threat Survey"},{"key":"IJCWT.2020040101-4","unstructured":"Data pre-processing. (n.d.). Retrieved from http:\/\/www.cs.ccsu.edu\/~markov\/ccsu_courses\/datamining-3.html"},{"key":"IJCWT.2020040101-5","unstructured":"Enterprise, V. (2017). 2017 Data breach investigations report. Zonefox. Retrieved from https:\/\/zonefox.com"},{"key":"IJCWT.2020040101-6","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCC.2011.2161285"},{"issue":"4","key":"IJCWT.2020040101-7","first-page":"47","article-title":"Supervised and unsupervised methods to detect insider threat from enterprise social and online activity data.","volume":"6","author":"G.Gavai","year":"2015","journal-title":"JoWUA"},{"key":"IJCWT.2020040101-8","doi-asserted-by":"publisher","DOI":"10.1186\/s41044-016-0006-0"},{"key":"IJCWT.2020040101-9","unstructured":"Greenberg, S. (1988). Using unix: Collected traces of 168 users."},{"key":"IJCWT.2020040101-10","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-58424-9_7"},{"key":"IJCWT.2020040101-11","doi-asserted-by":"publisher","DOI":"10.12988\/ams.2015.58562"},{"issue":"1","key":"IJCWT.2020040101-12","first-page":"20","article-title":"Inside the Mind of the Insider: Towards Insider Threat Detection Using Psychophysiological Signals.","volume":"6","author":"Y.Hashem","year":"2016","journal-title":"Journal of Internet Services and Information Security"},{"key":"IJCWT.2020040101-13","unstructured":"Hassabis, D., & Silver, D. (2017). Alphago zero: Learning from scratch. deepMind."},{"key":"IJCWT.2020040101-14","unstructured":"Insiders, C. (2018). Insider threat-2018 report. CA Technologies. Retrieved from https:\/\/www.cert.org\/insider-threat\/tools\/"},{"key":"IJCWT.2020040101-15","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2015.2438442"},{"key":"IJCWT.2020040101-16","unstructured":"Lindauer, B., Glasser, J., Rosen, M., & Wallnau, K. C. (2014). Generating Test Data for Insider Threat Detectors. JoWUA, 5(2), 80-94."},{"key":"IJCWT.2020040101-17","doi-asserted-by":"publisher","DOI":"10.1145\/3136825.3136859"},{"key":"IJCWT.2020040101-18","doi-asserted-by":"publisher","DOI":"10.1109\/PASSAT\/SocialCom.2011.211"},{"key":"IJCWT.2020040101-19","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2012.6284271"},{"key":"IJCWT.2020040101-20","first-page":"1897","article-title":"BagBoo: a scalable hybrid bagging-the-boosting model.","author":"D. Y.Pavlov","year":"2010","journal-title":"Proceedings of the 19th ACM international conference on Information and knowledge management"},{"key":"IJCWT.2020040101-21","year":"2016","journal-title":"2016 Cost of Insider Threats: Benchmark Study of Organizations in the United States"},{"key":"IJCWT.2020040101-22","unstructured":"Saarikoski, H. (2011), Explanation of SMO Parameters? Retrieved from https:\/\/list.waikato.ac.nz\/pipermail\/wekalist\/2010-December\/050570.html"},{"key":"IJCWT.2020040101-23","doi-asserted-by":"crossref","unstructured":"Silver, D., Huang, A., Maddison, C. J., Guez, A., Sifre, L., Van Den Driessche, G., ... Dieleman, S. (2016). Mastering the game of Go with deep neural networks and tree search. Nature, 529(7587), 484.","DOI":"10.1038\/nature16961"},{"issue":"6","key":"IJCWT.2020040101-24","first-page":"14146","article-title":"Applying modified K-nearest neighbor to detect insider threat in collaborative information systems. Ijirset.","volume":"3","author":"A.Singh","year":"2014","journal-title":"Com"},{"key":"IJCWT.2020040101-25","doi-asserted-by":"crossref","unstructured":"Torrey, L. & Shavlik, J. (2009). Transfer Learning. In Handbook of Research on Machine Learning. Academic Press.","DOI":"10.4018\/978-1-60566-766-9.ch011"},{"key":"IJCWT.2020040101-26","article-title":"Deep learning for unsupervised insider threat detection in structured cybersecurity data streams.","author":"A.Tuor","year":"2017","journal-title":"Workshops at the Thirty-First AAAI Conference on Artificial Intelligence"},{"key":"IJCWT.2020040101-27","doi-asserted-by":"crossref","unstructured":"Veeramachaneni, K., Arnaldo, I., Korrapati, V., Bassias, C., & Li, K. (2016, April). AI^ 2: training a big data machine to defend. In Proceedings of the 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS) (pp. 49-54). IEEE Press.","DOI":"10.1109\/BigDataSecurity-HPSC-IDS.2016.79"},{"key":"IJCWT.2020040101-28","unstructured":"Weka. Class J48. (n.d.). Retrieved from http:\/\/weka.sourceforge.net\/doc.dev\/weka\/classifiers\/trees\/J48.html"},{"key":"IJCWT.2020040101-29","unstructured":"Weka. Class NaiveBayes. (n.d.). Retrieved from http:\/\/weka.sourceforge.net\/doc.dev\/weka\/classifiers\/bayes\/NaiveBayes.html"},{"key":"IJCWT.2020040101-30","unstructured":"Weka. Class SMO. (n.d.). Retrieved from http:\/\/weka.sourceforge.net\/doc.stable\/weka\/classifiers\/functions\/SMO.html"},{"key":"IJCWT.2020040101-31","unstructured":"Weka. Class SpreadSubsample. Retrieved April 01, 2018, from http:\/\/weka.sourceforge.net\/doc.dev\/weka\/filters\/supervised\/instance\/SpreadSubsample.html"},{"key":"IJCWT.2020040101-32","unstructured":"Weka. (n.d.). Retrieved from https:\/\/www.cs.waikato.ac.nz\/ml\/weka\/"},{"key":"IJCWT.2020040101-33","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2002.1184035"}],"container-title":["International Journal of Cyber Warfare and Terrorism"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=250903","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T00:10:37Z","timestamp":1651795837000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJCWT.2020040101"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2020,4]]},"references-count":34,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.4018\/ijcwt.2020040101","relation":{},"ISSN":["1947-3435","1947-3443"],"issn-type":[{"value":"1947-3435","type":"print"},{"value":"1947-3443","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,4]]}}}