MITD-Net: Markov image-based threat detection network
Abstract
The increasing sophistication of malicious activities within applications emphasizes the need for advanced predictive technologies. Malicious user behavior (MUB) is a concern in organizations, as it is a significant source of security breaches caused by employees within the organization. Although previous studies in user activity detection have demonstrated some success, these technologies have been insufficient in identifying new or unfamiliar security threats. To improve the detection of insider threats, this study introduces MITD-Net, a novel method based on a MobileNet convolutional neural network (CNN) architecture to predict MUB effectively and efficiently. MITD-Net is faster and more accurate than its counterparts, leveraging the computational efficiency and adaptability of deep neural networks in low-resource environments. Our model addresses the challenge of predicting harmful behavior. MITD-Net contributes to the proactive identification and mitigation of potential threats, thereby enhancing overall system security. The proposed method aims to extract features from the CERT r4.2 dataset and convert them into a Markov image to detect MUB from authorized parties. Experimental evaluations conducted on the CERT r4.2 dataset demonstrate the effectiveness of the proposed model. Moreover, this paper compares the results with those of previous studies. The experimental findings show that the proposed approach outperforms or matches state-of-the-art techniques. Ablation studies were also performed to evaluate the significance of each individual component of the model.
License
Copyright (c) 2026 "This Open Access article is distributed under the Creative Commons Attribution 4.0 International License (CC BY 4.0), permitting unrestricted use, distribution, and adaptation provided the original author and source are properly credited."

This work is licensed under a Creative Commons Attribution 4.0 International License.