Investigation into the use of Machine Learning Algorithms for Detecting Insider Threats through IP Spoofing in Organizational Networks

1Akawuku I. Godspower, 2Adejumo Samuel Olujimi, 3Olatunde Ayodeji Akano, 4Abdullateef Abdulsomad Tunde and 5David Mulumeoderhwa Bahati

1Department of Software Engineering, Nnamdi Azikiwe University, Awka, Nigeria

2Department of Cybersecurity, Nnamdi Azikiwe University, Awka, Nigeria

3Department of Computer Sciences, Abiola Ajimobi Technical University, Ibadan, Nigeria

4Department of Computer Sciences, Abiola Ajimobi Technical University, Ibadan, Nigeria

5Department of Computer Science, Olivia University, Bujumbura, Burundi

Email: gi.akawuku@unizik.edu.ng, so.adejumo@unizik.edu.ng

ABSTRACT

Insider threats pose a significant challenge to organizational cybersecurity, especially when coupled with sophisticated techniques such as IP spoofing to obfuscate the origin of malicious activity. This study aims to identify insider threats that exploit IP spoofing by leveraging machine learning algorithms, specifically Decision Tree and Random Forest models. A labeled dataset containing network traffic with features indicative of spoofed and legitimate IP activity was utilized. Preprocessing steps included feature selection, normalization, and data balancing to ensure model robustness. The Decision Tree model provided interpretable rules for classifying traffic patterns, while the Random Forest model improved predictive accuracy through ensemble learning. Both models were trained and tested using k-fold cross-validation to minimize overfitting and ensure generalization. Performance metrics such as accuracy, precision, recall, and F1-score were used to evaluate model effectiveness. Results indicated that the Random Forest outperformed the Decision Tree, achieving higher accuracy and better detection rates of spoofed insider activity. The findings demonstrate the feasibility of using ML-based approaches to detect complex insider threats that leverage IP spoofing, providing actionable insights for network security operations. Future work will explore real-time implementation and the integration of additional behavioral indicators to enhance detection capabilities in dynamic network environments.

Keywords: Investigation, Machine learning algorithms, Detecting, Insider Threats, IP Spoofing, Organizational Networks.

CITE AS: Akawuku I. Godspower, Adejumo Samuel Olujimi, Olatunde Ayodeji Akano, Abdullateef Abdulsomad Tunde and David Mulumeoderhwa Bahati (2025). Investigation into the use of Machine Learning Algorithms for Detecting Insider Threats through IP Spoofing in Organizational Networks. NEWPORT INTERNATIONAL JOURNAL OF ENGINEERING AND PHYSICAL SCIENCES, 5(2):11-24 https://doi.org/10.59298/NIJEP/2025/5211240