ABSTRACT

This chapter describes the different classes of learning techniques for nonsequence data. It provides more detail on exactly how each method arrives at detecting insider threats and how ensemble models are built, modified, and discarded. The chapter discusses supervised learning and explores unsupervised learning. The ensemble of classifiers allows the unsupervised approach to outperform traditional static learning approaches and boosts its effectiveness over supervised learning approaches. Both sections contain the formulas necessary to understand the inner workings of each class of learning. This results in a classifier exhibiting a substantial increase in classification accuracy for data streams containing insider threat anomalies. Insider threats appear as small percentage differences from the normative substructures, because insider threats attempt to closely mimic legitimate system operations except for the small variations embodied by illegitimate behavior. Detecting these threats requires identifying these rare anomalous needles in a contextualized setting where behaviors are constantly evolving over time.