Fig. 10
From: Daily insider threat detection with hybrid TCN transformer architecture

Experimental Workflow Diagram. First, features are extracted and saved to a CSV file. Subsequently, Linear Discriminant Analysis (LDA) is applied to reduce the dimensionality of the data. The dimensionality-reduced data are then processed through windowing. The dataset is divided according to users for phased training. In the first phase, 860 normal users are selected to learn the normal behavior patterns. In the second phase, 56 malicious and 56 normal users are chosen to adjust the model weights. Finally, 14 malicious and 14 normal users are left as the test set. After model training, classification is performed using a classifier.
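The user-based split and windowing steps from the caption, as an added example (not the paper's code): whole users are assigned to each phase and windows are built per user, so no user and no window crosses a phase boundary. The window length, seed, user IDs and the random rows standing in for the LDA-reduced features are assumptions.

```python
import random

# Phase sizes come from the caption; everything else is an assumption.
PHASE1_NORMAL, PHASE2_EACH, TEST_EACH = 860, 56, 14

def split_users(normal_ids, malicious_ids, seed=0):
    """Assign whole users to phases so no user appears in two phases."""
    need_n = PHASE1_NORMAL + PHASE2_EACH + TEST_EACH
    need_m = PHASE2_EACH + TEST_EACH
    if len(normal_ids) < need_n or len(malicious_ids) < need_m:
        raise ValueError("not enough users for the caption's split sizes")
    rng = random.Random(seed)
    normal, mal = sorted(normal_ids), sorted(malicious_ids)
    rng.shuffle(normal)
    rng.shuffle(mal)
    a, b = PHASE1_NORMAL, PHASE1_NORMAL + PHASE2_EACH
    return {
        "phase1": normal[:a],                                  # normal only
        "phase2": normal[a:b] + mal[:PHASE2_EACH],             # 56 + 56
        "test": normal[b:b + TEST_EACH] + mal[PHASE2_EACH:need_m],  # 14 + 14
    }

def windows(rows, length):
    """Sliding windows over one user's time-ordered rows; short histories yield none."""
    return [rows[i:i + length] for i in range(len(rows) - length + 1)]

def build_phase_windows(features_by_user, split, length):
    """Window each user separately so no window mixes rows from two users."""
    return {phase: [(u, w) for u in users
                    for w in windows(features_by_user[u], length)]
            for phase, users in split.items()}

def constructed_dataset(days=10, dims=3, seed=1):
    """Constructed stand-in for LDA-reduced daily rows (not real data).
    930 and 70 are the sums of the caption's per-phase user counts."""
    rng = random.Random(seed)
    normal = [f"N{i:04d}" for i in range(930)]
    malicious = [f"M{i:04d}" for i in range(70)]
    feats = {u: [[rng.random() for _ in range(dims)] for _ in range(days)]
             for u in normal + malicious}
    return normal, malicious, feats

if __name__ == "__main__":
    normal, malicious, feats = constructed_dataset()
    split = split_users(normal, malicious)
    data = build_phase_windows(feats, split, length=7)  # length=7 is an assumption
    for phase in split:
        print(phase, len(split[phase]), "users,", len(data[phase]), "windows")
```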