ABSTRACT

This chapter describes an approach to insider threat detection based on stream data mining, and discusses the issues raised by sequence stream data and by big data. One traditional approach to the insider threat detection problem is supervised learning, which builds data classification models from training data. The data associated with insider threat detection and classification, however, is typically continuous: massive amounts of stream data emanate from various devices, and this data must be analyzed for insider threat detection. For sequence stream data, the approach maintains a dictionary of patterns, in which longer patterns that appear frequently in the stream receive higher weights. An ensemble of models keeps the detection current as the stream evolves, preserving high detection accuracy as both legitimate and illegitimate behaviors change over time; in either setting, the ensemble updating process is designed to keep the ensemble current as the stream evolves. Applying graph-based anomaly detection to the insider threat problem therefore requires that the models used be adaptive and efficient.
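As an added illustration of the two ideas the abstract names, a pattern dictionary weighted toward longer, frequent patterns and an ensemble that is refreshed as the stream evolves, the following sketch is not the chapter's own code; the session data, the length-times-support weighting, the coverage-based anomaly score and the fixed-size ensemble are all assumptions made here to show the mechanics.

```python
from collections import Counter, deque
from statistics import mean

# Constructed sample sessions (not from the chapter): one action list per session.
NORMAL = [["login", "read", "read", "logout"], ["login", "read", "write", "logout"]]
NEW_NORMAL = [["login", "sync", "logout"]]       # behaviour that appears later in the stream
SUSPECT = ["login", "dump", "exfil", "logout"]    # sequence never seen in the stream

def patterns(seq, max_len=3):
    """Every contiguous subsequence of length 1..max_len (the candidate patterns)."""
    return [tuple(seq[i:i + n]) for n in range(1, max_len + 1)
            for i in range(len(seq) - n + 1)]

def build_dictionary(chunk, max_len=3, min_support=2):
    """Pattern dictionary for one chunk of the stream (assumed weighting).
    Weight = support * length, so longer patterns that recur often dominate."""
    counts = Counter(p for seq in chunk for p in patterns(seq, max_len))
    return {p: c * len(p) for p, c in counts.items() if c >= min_support}

def anomaly_score(seq, dictionary, max_len=3):
    """Share of the sequence's pattern mass that no dictionary entry explains.
    0.0 means every pattern is known; 1.0 means nothing matches."""
    pats = patterns(seq, max_len)
    total = sum(len(p) for p in pats)
    covered = sum(len(p) for p in pats if p in dictionary)
    return 1.0 - covered / total if total else 0.0

class StreamEnsemble:
    """Fixed-size ensemble of chunk dictionaries. The oldest model is retired
    when a new chunk arrives, so the ensemble tracks the evolving stream."""
    def __init__(self, size=2, threshold=0.5):
        self.models = deque(maxlen=size)
        self.threshold = threshold

    def update(self, chunk):
        self.models.append(build_dictionary(chunk))

    def score(self, seq):
        # Average the per-model scores; each model votes with its own dictionary.
        return mean(anomaly_score(seq, d) for d in self.models)

    def is_anomalous(self, seq):
        return self.score(seq) > self.threshold

if __name__ == "__main__":
    ens = StreamEnsemble(size=2)
    ens.update(NORMAL * 3)
    print(ens.score(NORMAL[0]), ens.score(SUSPECT))      # known vs. unseen behaviour
    ens.update(NEW_NORMAL * 3)
    print(ens.score(NEW_NORMAL[0]))                      # new behaviour becomes normal
```

The second update shows the adaptation the abstract describes: a behaviour that scored as anomalous against the old dictionary is accepted once enough of the stream contains it, without retraining from scratch.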