Chapter 16
Ensemble-Based Insider Threat Detection
By Bhavani Thuraisingham, Mohammad Mehedy Masud, Pallabi Parveen, Latifur Khan
Pages 6

This chapter discusses ensemble learning. It explains ensembles for unsupervised learning and describes ensemble learning for supervised learning. Data relevant to insider threats is typically accumulated over many years of organization and system operations, and is therefore best characterized as an unbounded data stream. Such a stream can be partitioned into a sequence of discrete chunks; for example, each chunk might comprise a week's worth of data. It should be noted that our goal is to provide a variety of stream mining methods for insider threat detection. These observations suggest that a model built from a single chunk or any finite prefix of chunks is inadequate to properly classify all data in the stream. When streams exhibit concept drift, an ensemble can be a significant advantage because it can identify patterns that are normative over the entire data stream or a significant number of chunks but not in the current chunk.
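The following added example (not code from the chapter) illustrates the last point: a model built from only the current chunk flags a behavior that was normal in earlier chunks, while a majority-vote ensemble of per-chunk models does not. The frequency-based per-chunk model, the majority vote, the ensemble size `k`, and the event names are all assumptions made for illustration.

```python
from collections import Counter, deque

class ChunkModel:
    """One model per chunk: events seen at least min_support times are 'normal'."""
    def __init__(self, chunk, min_support=2):
        counts = Counter(chunk)
        self.normal = {e for e, n in counts.items() if n >= min_support}

    def is_anomalous(self, event):
        return event not in self.normal

class ChunkEnsemble:
    """Keeps the k most recent chunk models and classifies by majority vote."""
    def __init__(self, k=3):
        self.models = deque(maxlen=k)  # oldest model is dropped automatically

    def update(self, chunk):
        self.models.append(ChunkModel(chunk))

    def is_anomalous(self, event):
        votes = sum(m.is_anomalous(event) for m in self.models)
        return votes > len(self.models) / 2

# Constructed sample stream: one chunk per week of a single user's actions.
WEEKS = [
    ["login", "login", "edit", "edit", "backup", "backup"],
    ["login", "login", "edit", "edit", "backup", "backup", "backup"],
    ["login", "login", "edit", "edit", "edit"],  # no backups this week (drift)
]

def compare(event):
    """Return (current-chunk-only verdict, ensemble verdict) for an event."""
    ensemble = ChunkEnsemble(k=3)
    for chunk in WEEKS:
        ensemble.update(chunk)
    latest_only = ChunkModel(WEEKS[-1])
    return latest_only.is_anomalous(event), ensemble.is_anomalous(event)

if __name__ == "__main__":
    for ev in ("backup", "edit", "bulk_export"):
        print(ev, compare(ev))
```

Here `backup` is absent from the current week, so the single-chunk model raises a false alarm that the ensemble suppresses, while the never-seen `bulk_export` is flagged by both.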