InsiderGAN: Early Detection of Insider Threats in an Operational Enterprise Network
Enterprise networks are an ever-growing resource for both public and private institutions which provide valuable information to their users. Schools, governmental agencies, and more have been targeted by malware attacks, which use malicious software to damage or steal data and can result in monetary loss, security threats to employees or clients, or legal liabilities. As such, multiple tools have been developed with the intent of detecting this kind of threat early, before damage is done to the network. One growing method for detection is to use machine learning for behavior analysis and detection. InsiderGAN is one such tool: it uses a Generative Adversarial Network capable of analyzing and detecting malware patterns from a variety of malware families in host-based logs from an enterprise network collected using the Windows Logging Service (WLS).