2025_EML Capstone Projects
Data was derived from synthetic logs simulating VA user activity, including login times, file access, and privilege escalations. Over 50,000 rows of synthetic data were generated to test detection accuracy. Time-series analysis and descriptive statistics were used to distinguish normal from suspicious patterns. Three algorithms were tested: Random Forest, SVM, and k-NN. Isolation Forest achieved ~95% detection accuracy. Key visualizations include outlier heatmaps and activity deviation timelines. The Isolation Forest algorithm was selected for its performance in detecting outliers. Metrics such as login frequency and access times were used to train the models. Charts and tables illustrate anomaly clustering and model accuracy. Analysis revealed that rule-based systems had high false positives, which the ML models mitigated effectively.
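To make the comparison above concrete, here is an added example (not code from the capstone project) of the approach it describes: a minimal Isolation Forest scoring constructed user-activity records of login hour, files accessed and privilege escalations, beside a static threshold rule of the kind the report says over-alerts. The records, the thresholds, the forest parameters and the two injected insider-style rows are all assumptions made for this illustration; the forest is a plain-Python implementation of the standard algorithm (random axis-aligned splits, average path length normalised by c(n)), not the project's model.

```python
import math
import random

# Constructed synthetic activity records, one per user-day:
# (login_hour, files_accessed, privilege_escalations). Values are invented
# to mirror the feature set the report names, not drawn from its dataset.
def make_records(n_normal=200, seed=7):
    rng = random.Random(seed)
    normal = []
    for _ in range(n_normal):
        hour = rng.gauss(10.0, 1.5)                 # business-hours logins
        files = max(0.0, rng.gauss(20.0, 5.0))      # routine file access
        escal = 1 if rng.random() < 0.03 else 0     # rare legitimate elevation
        normal.append((hour, files, escal))
    # Two injected insider-style rows: small-hours login, bulk file access,
    # repeated privilege escalation (assumed values).
    anomalies = [(3.0, 180.0, 4), (2.5, 150.0, 3)]
    return normal, anomalies


def _c(n):
    """Expected path length of an unsuccessful BST search; normalises scores."""
    if n <= 1:
        return 0.0
    if n == 2:
        return 1.0
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n


def _build_tree(rows, depth, limit, rng):
    """Recursively partition rows with random axis-aligned splits."""
    if depth >= limit or len(rows) <= 1:
        return ("leaf", len(rows))
    # Only split on a feature that still varies inside this node.
    varying = [f for f in range(len(rows[0]))
               if min(r[f] for r in rows) != max(r[f] for r in rows)]
    if not varying:
        return ("leaf", len(rows))
    feat = rng.choice(varying)
    lo, hi = min(r[feat] for r in rows), max(r[feat] for r in rows)
    split = rng.uniform(lo, hi)
    left = [r for r in rows if r[feat] < split]
    right = [r for r in rows if r[feat] >= split]
    return ("node", feat, split,
            _build_tree(left, depth + 1, limit, rng),
            _build_tree(right, depth + 1, limit, rng))


def _path_length(row, node, depth=0):
    """Depth at which row lands in a leaf, plus the leaf's residual estimate."""
    while node[0] == "node":
        _, feat, split, left, right = node
        node = left if row[feat] < split else right
        depth += 1
    return depth + _c(node[1])


class IsolationForest:
    """Minimal Isolation Forest: short average paths mean easy to isolate."""

    def __init__(self, n_trees=100, sample_size=256, seed=1):
        self.n_trees, self.sample_size, self.seed = n_trees, sample_size, seed
        self.trees, self.psi = [], 0

    def fit(self, rows):
        rng = random.Random(self.seed)
        self.psi = min(self.sample_size, len(rows))
        limit = math.ceil(math.log2(self.psi))
        self.trees = [_build_tree(rng.sample(rows, self.psi), 0, limit, rng)
                      for _ in range(self.n_trees)]
        return self

    def score(self, row):
        # Scores near 1 are anomalous; scores around 0.5 are ordinary.
        avg = sum(_path_length(row, t) for t in self.trees) / len(self.trees)
        return 2.0 ** (-avg / _c(self.psi))


def rule_flag(row):
    """Static threshold rule (assumed thresholds) that fires on any extreme."""
    hour, files, escal = row
    return hour < 7 or hour > 19 or files > 40 or escal > 0


def compare(seed=7):
    normal, anomalies = make_records(seed=seed)
    rows = normal + anomalies
    forest = IsolationForest().fit(rows)
    scores = [forest.score(r) for r in rows]
    ranked = sorted(range(len(rows)), key=lambda i: scores[i], reverse=True)
    n = len(normal)
    normal_scores = sorted(scores[:n])
    return {
        "anomaly_scores": scores[n:],
        "anomaly_ranks": [ranked.index(i) for i in range(n, len(rows))],
        "median_normal_score": normal_scores[n // 2],
        "rule_false_positives": sum(rule_flag(r) for r in normal),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

The point the report makes shows up in the returned dictionary: the threshold rule flags a handful of perfectly ordinary rows (an early login or a single legitimate elevation is enough), while the forest ranks the two injected rows at the top because they are isolated by one or two random splits on any of the three features, and the bulk of normal rows sit near a score of 0.5.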
6. Feasibility Analysis and Solution Selection
Potential Solutions:
The following two decision-making frameworks were used for this decision analysis: SWOT analysis and a risk assessment framework. 1- SWOT analysis was chosen because it provides a clear, structured way to examine the strengths, weaknesses, opportunities, and threats of each solution. As cybersecurity and insider threat detection are quite complicated concepts, SWOT analysis helps in understanding both internal capabilities, such as technical resources, and external risks, like compliance and stakeholder perceptions, or advantages associated with