Security and Communication Networks

Research Article

Distance Measurement Methods for Improved Insider Threat Detection

Table 5

Full evaluation results.


Username	Scenario	Answer filename	DL	Jaccard	Cosine	HMM

AAM0658	1	r4.2-1-AAM0658.csv	False	42	42	42
AJR0932	1	r4.2-1-AJR0932.csv	37	36	36	36
BDV0168	1	r4.2-1-BDV0168.csv	False	30	False	31
BIH0745	1	r4.2-1-BIH0745.csv	False	False	False	False
BLS0678	1	r4.2-1-BLS0678.csv	False	False	False	False
BTL0226	1	r4.2-1-BTL0226.csv	False	40	False	40
CAH0936	1	r4.2-1-CAH0936.csv	False	32	False	False
DCH0843	1	r4.2-1-DCH0843.csv	57	False	False	False
EHB0824	1	r4.2-1-EHB0824.csv	30	29	29	29
EHD0584	1	r4.2-1-EHD0584.csv	40	39	39	39
FMG0527	1	r4.2-1-FMG0527.csv	False	False	False	53
FTM0406	1	r4.2-1-FTM0406.csv	False	47	47	47
GHL0460	1	r4.2-1-GHL0460.csv	45	False	False	False
HJB0742	1	r4.2-1-HJB0742.csv	False	46	False	46
JMB0308	1	r4.2-1-JMB0308.csv	False	28	28	28
JRG0207	1	r4.2-1-JRG0207.csv	False	55	55	55
KLH0596	1	r4.2-1-KLH0596.csv	59	False	False	False
KPC0073	1	r4.2-1-KPC0073.csv	False	27	27	27
LJR0523	1	r4.2-1-LJR0523.csv	False	30	30	30
LQC0479	1	r4.2-1-LQC0479.csv	False	37	False	37
MAR0955	1	r4.2-1-MAR0955.csv	False	False	False	False
MAS0025	1	r4.2-1-MAS0025.csv	False	False	False	39
MCF0600	1	r4.2-1-MCF0600.csv	38	38	38	38
MYD0978	1	r4.2-1-MYD0978.csv	51	False	False	False
PPF0435	1	r4.2-1-PPF0435.csv	False	False	58	False
RAB0589	1	r4.2-1-RAB0589.csv	37	False	False	False
RGG0064	1	r4.2-1-RGG0064.csv	False	42	42	42
RKD0604	1	r4.2-1-RKD0604.csv	False	False	False	False
TAP0551	1	r4.2-1-TAP0551.csv	False	42	False	42
WDD0366	1	r4.2-1-WDD0366.csv	False	60	False	False
AAF0535	2	r4.2-2-AAF0535.csv	False	False	33	32
ABC0174	2	r4.2-2-ABC0174.csv	False	False	50	49
AKR0057	2	r4.2-2-AKR0057.csv	False	False	False	46
CCL0068	2	r4.2-2-CCL0068.csv	60	False	57	58
CEJ0109	2	r4.2-2-CEJ0109.csv	False	False	64	64
CQW0652	2	r4.2-2-CQW0652.csv	False	False	64	False
DIB0285	2	r4.2-2-DIB0285.csv	False	False	37	36
DRR0162	2	r4.2-2-DRR0162.csv	48	False	50	50
EDB0714	2	r4.2-2-EDB0714.csv	47	False	46	48
EGD0132	2	r4.2-2-EGD0132.csv	37	False	37	37
FSC0601	2	r4.2-2-FSC0601.csv	False	False	False	62
HBO0413	2	r4.2-2-HBO0413.csv	False	False	63	63
HXL0968	2	r4.2-2-HXL0968.csv	40	False	35	41
IJM0776	2	r4.2-2-IJM0776.csv	32	False	False	33
IKR0401	2	r4.2-2-IKR0401.csv	False	False	56	57
IUB0565	2	r4.2-2-IUB0565.csv	47	False	46	46
JJM0203	2	r4.2-2-JJM0203.csv	False	False	40	40
KRL0501	2	r4.2-2-KRL0501.csv	51	False	False	53
LCC0819	2	r4.2-2-LCC0819.csv	28	False	30	30
MDH0580	2	r4.2-2-MDH0580.csv	58	False	False	59
MOS0047	2	r4.2-2-MOS0047.csv	False	False	False	False
NWT0098	2	r4.2-2-NWT0098.csv	False	False	65	64
PNL0301	2	r4.2-2-PNL0301.csv	31	False	False	30
PSF0133	2	r4.2-2-PSF0133.csv	31	False	31	37
RAR0725	2	r4.2-2-RAR0725.csv	28	False	False	31
RHL0992	2	r4.2-2-RHL0992.csv	36	False	32	34
RMW0542	2	r4.2-2-RMW0542.csv	33	27	False	30
TNM0961	2	r4.2-2-TNM0961.csv	False	False	49	48
VSS0154	2	r4.2-2-VSS0154.csv	False	False	False	43
XHW0498	2	r4.2-2-XHW0498.csv	36	False	33	37
BBS0039	3	r4.2-3-BBS0039.csv	False	32	False	False
BSS0369	3	r4.2-3-BSS0369.csv	False	False	False	False
CCA0046	3	r4.2-3-CCA0046.csv	False	False	False	False
CSC0217	3	r4.2-3-CSC0217.csv	23	23	23	23
GTD0219	3	r4.2-3-GTD0219.csv	False	False	False	False
JGT0221	3	r4.2-3-JGT0221.csv	28	28	False	28
JLM0364	3	r4.2-3-JLM0364.csv	False	69	False	False
JTM0223	3	r4.2-3-JTM0223.csv	False	29	False	False
MPM0220	3	r4.2-3-MPM0220.csv	False	False	False	False
MSO0222	3	r4.2-3-MSO0222.csv	False	49	False	False

This table gives the full results of evaluation against all 70 insiders against each of the three distance measurement techniques described in this paper. An entry of “False” indicates that the technique failed to detect the correct week in which insider threat occurred while a numerical value denotes the week in which the highest measurement value was detected for an attack.