Double-Layer Detection of Internal Threat in Enterprise Systems Based on Deep Learning

  • Daojing He*
  • Xin Lv
  • Xueqian Xu
  • Sammy Chan
  • Kim Kwang Raymond Choo
  • *Corresponding author for this work
  • School of Computer Science and Technology, Harbin Institute of Technology
  • Jiangxi University of Science and Technology
  • East China Normal University
  • City University of Hong Kong
  • University of Texas at San Antonio

Research output: Contribution to journal › Article › peer-review

Abstract

In recent years, phishing email-mediated attacks are proliferating. When victims are enterprise employees, internal security of the enterprise systems will also be threatened. Currently, blockchain technology can effectively improve the security and privacy of traditional email, but attacks initiated from within are still fatal. Therefore, we propose a double-layer detection framework in this paper. Firstly, from the perspective of individual security, Long Short-Term Memory (LSTM) and extreme gradient boosting tree (XGBoost) are used to build a phishing email detection model. The model generalization ability and precision rate are improved by adding a custom loss function in the training process. Then, from the perspective of group security, Bidirectional LSTM and Attention mechanism are used to build an insider threat detection model. Our model has better results for multi-domain time series and anomaly detection in comparison to different models and existing insider threat detection models. We test the effectiveness of the proposed framework through real phishing email cases and insider threat attack events on our simulation verification platform. The experimental results demonstrate that our proposed framework can protect enterprise systems from phishing attacks and insider threats. We also point out that this framework can be applied to mitigate the increasingly serious blockchain security threats.

Original language: English
Pages (from-to): 4741-4751
Number of pages: 11
Journal: IEEE Transactions on Information Forensics and Security
Volume: 19
State: Published - 2024
Externally published: Yes

Keywords

  • Phishing attack
  • deep learning
  • double-layer detection
  • insider threat
  • simulation verification
