Improving Insider Threat Detection from Irregular Login Patterns with Metaheuristic Optimised AdaBoost
preprint
OA: closed
CC-BY-4.0
Abstract
Continuing process of changing cyber security landscape demands constant adaptability to maintain secure and safe systems’ operation. With changing attack vectors constantly being developed, it is essential to act preemptively to maintain desired levels of security. A major challenge in modern systems, and a target for many malicious actors, is the human factor of the system. Insider threat is a critical cybersecurity concern. It is difficult to detect and identify it. Insider threat can cost companies millions of dollars in damage. We have investigated utilization of machine learning (ML) for insider threat detection, from irregular login behaviors of users. A specially tailored version of crayfish optimization algorithm (COA) is proposed and applied to hyperparameter tunning of AdaBoost models to ensure favorable performance. Simulations, conducted on publicly available data, with a majority of normal users’ activities, showcases the versatility of models, optimized by the introduced modified algorithm. The best models are attaining accuracy of 94.6128%. Modified algorithm demonstrates adaptive convergence capable of avoiding local minima and finding more favourable solutions. The best models have also undergone Shapley additive explanation (SHAP) analysis to identify the key features and their contributions to model decisions.
My notes (saved in your browser only)
Citation neighborhood (no data yet)
We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2024) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.
Source provenance
- europepmc
- last seen: 2026-05-20T01:45:00.602351+00:00
- unpaywall
- last seen: 2026-05-22T02:00:06.705733+00:00
License: CC-BY-4.0