Distance Measurement Methods for Improved Insider Threat Detection
Table 5
Full evaluation results.
Username
Scenario
Answer filename
DL
Jaccard
Cosine
HMM
AAM0658
1
r4.2-1-AAM0658.csv
False
42
42
42
AJR0932
1
r4.2-1-AJR0932.csv
37
36
36
36
BDV0168
1
r4.2-1-BDV0168.csv
False
30
False
31
BIH0745
1
r4.2-1-BIH0745.csv
False
False
False
False
BLS0678
1
r4.2-1-BLS0678.csv
False
False
False
False
BTL0226
1
r4.2-1-BTL0226.csv
False
40
False
40
CAH0936
1
r4.2-1-CAH0936.csv
False
32
False
False
DCH0843
1
r4.2-1-DCH0843.csv
57
False
False
False
EHB0824
1
r4.2-1-EHB0824.csv
30
29
29
29
EHD0584
1
r4.2-1-EHD0584.csv
40
39
39
39
FMG0527
1
r4.2-1-FMG0527.csv
False
False
False
53
FTM0406
1
r4.2-1-FTM0406.csv
False
47
47
47
GHL0460
1
r4.2-1-GHL0460.csv
45
False
False
False
HJB0742
1
r4.2-1-HJB0742.csv
False
46
False
46
JMB0308
1
r4.2-1-JMB0308.csv
False
28
28
28
JRG0207
1
r4.2-1-JRG0207.csv
False
55
55
55
KLH0596
1
r4.2-1-KLH0596.csv
59
False
False
False
KPC0073
1
r4.2-1-KPC0073.csv
False
27
27
27
LJR0523
1
r4.2-1-LJR0523.csv
False
30
30
30
LQC0479
1
r4.2-1-LQC0479.csv
False
37
False
37
MAR0955
1
r4.2-1-MAR0955.csv
False
False
False
False
MAS0025
1
r4.2-1-MAS0025.csv
False
False
False
39
MCF0600
1
r4.2-1-MCF0600.csv
38
38
38
38
MYD0978
1
r4.2-1-MYD0978.csv
51
False
False
False
PPF0435
1
r4.2-1-PPF0435.csv
False
False
58
False
RAB0589
1
r4.2-1-RAB0589.csv
37
False
False
False
RGG0064
1
r4.2-1-RGG0064.csv
False
42
42
42
RKD0604
1
r4.2-1-RKD0604.csv
False
False
False
False
TAP0551
1
r4.2-1-TAP0551.csv
False
42
False
42
WDD0366
1
r4.2-1-WDD0366.csv
False
60
False
False
AAF0535
2
r4.2-2-AAF0535.csv
False
False
33
32
ABC0174
2
r4.2-2-ABC0174.csv
False
False
50
49
AKR0057
2
r4.2-2-AKR0057.csv
False
False
False
46
CCL0068
2
r4.2-2-CCL0068.csv
60
False
57
58
CEJ0109
2
r4.2-2-CEJ0109.csv
False
False
64
64
CQW0652
2
r4.2-2-CQW0652.csv
False
False
64
False
DIB0285
2
r4.2-2-DIB0285.csv
False
False
37
36
DRR0162
2
r4.2-2-DRR0162.csv
48
False
50
50
EDB0714
2
r4.2-2-EDB0714.csv
47
False
46
48
EGD0132
2
r4.2-2-EGD0132.csv
37
False
37
37
FSC0601
2
r4.2-2-FSC0601.csv
False
False
False
62
HBO0413
2
r4.2-2-HBO0413.csv
False
False
63
63
HXL0968
2
r4.2-2-HXL0968.csv
40
False
35
41
IJM0776
2
r4.2-2-IJM0776.csv
32
False
False
33
IKR0401
2
r4.2-2-IKR0401.csv
False
False
56
57
IUB0565
2
r4.2-2-IUB0565.csv
47
False
46
46
JJM0203
2
r4.2-2-JJM0203.csv
False
False
40
40
KRL0501
2
r4.2-2-KRL0501.csv
51
False
False
53
LCC0819
2
r4.2-2-LCC0819.csv
28
False
30
30
MDH0580
2
r4.2-2-MDH0580.csv
58
False
False
59
MOS0047
2
r4.2-2-MOS0047.csv
False
False
False
False
NWT0098
2
r4.2-2-NWT0098.csv
False
False
65
64
PNL0301
2
r4.2-2-PNL0301.csv
31
False
False
30
PSF0133
2
r4.2-2-PSF0133.csv
31
False
31
37
RAR0725
2
r4.2-2-RAR0725.csv
28
False
False
31
RHL0992
2
r4.2-2-RHL0992.csv
36
False
32
34
RMW0542
2
r4.2-2-RMW0542.csv
33
27
False
30
TNM0961
2
r4.2-2-TNM0961.csv
False
False
49
48
VSS0154
2
r4.2-2-VSS0154.csv
False
False
False
43
XHW0498
2
r4.2-2-XHW0498.csv
36
False
33
37
BBS0039
3
r4.2-3-BBS0039.csv
False
32
False
False
BSS0369
3
r4.2-3-BSS0369.csv
False
False
False
False
CCA0046
3
r4.2-3-CCA0046.csv
False
False
False
False
CSC0217
3
r4.2-3-CSC0217.csv
23
23
23
23
GTD0219
3
r4.2-3-GTD0219.csv
False
False
False
False
JGT0221
3
r4.2-3-JGT0221.csv
28
28
False
28
JLM0364
3
r4.2-3-JLM0364.csv
False
69
False
False
JTM0223
3
r4.2-3-JTM0223.csv
False
29
False
False
MPM0220
3
r4.2-3-MPM0220.csv
False
False
False
False
MSO0222
3
r4.2-3-MSO0222.csv
False
49
False
False
This table gives the full results of evaluation against all 70 insiders against each of the three distance measurement techniques described in this paper. An entry of “False” indicates that the technique failed to detect the correct week in which insider threat occurred while a numerical value denotes the week in which the highest measurement value was detected for an attack.