MITD-Net: Markov image-based threat detection network

Authors

DOI:

https://doi.org/10.1038/s41598-025-19275-1

Abstract

The increasing sophistication of malicious activities within applications emphasizes the need for advanced predictive technologies. Malicious user behavior (MUB) is a concern in organizations, as it is a significant source of security breaches caused by employees within the organization. Although previous studies in user activity detection have demonstrated some success, these technologies have been insufficient in identifying new or unfamiliar security threats. To improve the detection of insider threats, this study introduces MITD-Net, a novel method based on a MobileNet convolutional neural network (CNN) architecture to predict MUB effectively and efficiently. MITD-Net is faster and more accurate than its counterparts, leveraging the computational efficiency and adaptability of deep neural networks in low-resource environments. Our model addresses the challenge of predicting harmful behavior. MITD-Net contributes to the proactive identification and mitigation of potential threats, thereby enhancing overall system security. The proposed method extracts features from the CERT r4.2 dataset and converts them into a Markov image to detect MUB from authorized parties. Experimental evaluations conducted on the CERT r4.2 dataset demonstrate the effectiveness of the proposed model. Moreover, this paper compares its results with those of previous studies. The experimental findings show that the proposed approach outperforms or performs on par with state-of-the-art techniques. Ablation studies were also performed to evaluate the significance of each individual component of the model.

Author Biographies

  • Malek Algabri, Sana’a University
    1. Department of Computer Science, Faculty of Computer and Information Technology, Sana’a University, P.O. Box 33039, Sana’a, Yemen
    2. Department of Cybersecurity, College of Engineering and Information Technology, Emirates International University, 16881, Sana’a, Yemen

  • Malek Algabri, Emirates International University
    1. Department of Cybersecurity, College of Engineering and Information Technology, Emirates International University, 16881, Sana’a, Yemen

  • Firdaus Alhrazi, Sana'a University

    Department of Computer Science, Faculty of Computer and Information Technology, Sana’a University, P.O. Box 33039, Sana’a, Yemen

  • Cavazos Quero Luis, Sejong University

    Department of Computer Science and Engineering, Sejong University, Seoul, 05006, Republic of Korea

  • Redhwan Algabri, Sejong University

    Department of Computer Science and Engineering, Sejong University, Seoul, 05006, Republic of Korea

  • Ahmed Abdu, Xi'an University of Finance and Economics
    1. School of Information, Xi’an University of Finance and Economics, Xi’an, 710100, China

  • Yeong Hyeon Gu, Sejong University
    1. Department of Artificial Intelligence and Data Science, College of Software and Convergence Technology, Sejong University, Seoul, 05006, Republic of Korea

scientific reports

Published

2025-03-09

Section

Articles

How to Cite

Algabri, M., Algabri, M., Alhrazi, F., Quero Luis, C., Algabri, R., Abdu, A., & Hyeon Gu, Y. (2025). MITD-Net: Markov image-based threat detection network. Emirates International University Digital Repository, 1(1). https://doi.org/10.1038/s41598-025-19275-1