Research Article
Detecting Insider Threat from Behavioral Logs Based on Ensemble and Self-Supervised Learning
Table 1
Characteristic of each dimension for the extracted feature.
| | Dimension | Substance | Annotation |
| | 0 | Whether use computer belongs to oneself | 1/0 stands for true/false | | 1 | Time of behavior, represented by avg-TI | Normalized to (0, 1) | | 2 | E-mail address sent to, represented by avg-TI | Normalized to [0, 1); 0 means do not send e-mail | | 3 | E-mail address received from, represented by avg-TI | Normalized to [0, 1); 0 means do not receive e-mail | | 4 | Name of operated file, represented by avg-TI | Normalized to [0, 1); 0 means do not operate files | | 5 | URL of the accessed website, represented by avg-TI | Normalized to [0, 1); 0 means do not access website | | 6 | Whether a log-on activity | 1/0 stands for true/false | | 7 | Whether a log-off activity | 1/0 stands for true/false | | 8 | Whether removable device connecting activity | 1/0 stands for true/false |
|
|
