CPID: Insider threat detection using profiling and cyber-persona identification.

Computers & Security (2023)

Abstract
In digital environments, network administrators can benefit from the advanced network traffic monitoring capabilities with respect to the type of users (persona) and their specific network activities. This can be leveraged to derive corresponding persona profiles that can be subsequently used to detect anomalies and security events. Also, upon the occurrence and detection of a security event, it is important to get full details on the underlying entities and to gain relevant insights to mitigate and prevent such occurrences in the future. In this context, this paper proposes an innovative approach leveraging machine learning techniques along with deep learning for persona-specific traffic profile generation. This capability can be deployed as part of online traffic monitoring solutions for persona identification and anomalous network behaviour detection, where no software needs to be installed on deployed workstations. Performed experiments indicate that the proposed approach is efficient, scalable, and suitable for near real-time deployment scenarios. © 2023 Published by Elsevier Ltd.
Keywords
Cyber-persona and user profiling, Insider threats detection, Anomaly detection, Deep learning, Machine learning