2 articles found
Insider threat detection approach for tobacco industry based on heterogeneous graph embedding
1
Authors: 季琦, LI Wei, PAN Bailin, XUE Hongkai, QIU Xiang. High Technology Letters (EI, CAS), 2024, Issue 2, pp. 199-210 (12 pages)
In the tobacco industry, insider employee attack is a thorny problem that is difficult to detect. To solve this issue, this paper proposes an insider threat detection method based on heterogeneous graph embedding. First, the interrelationships between logs are fully considered, and log entries are converted into heterogeneous graphs based on these relationships. Second, the heterogeneous graph embedding is adopted and each log entry is represented as a low-dimensional feature vector. Then, normal logs and malicious logs are classified into different clusters by a clustering algorithm to identify malicious logs. Finally, the effectiveness and superiority of the method are verified through experiments on the CERT dataset. The experimental results show that this method has better performance compared to some baseline methods.
Keywords: insider threat detection; advanced persistent threats; graph construction; heterogeneous graph embedding
BRITD: behavior rhythm insider threat detection with time awareness and user adaptation
2
Authors: Shuang Song, Neng Gao, Yifei Zhang, Cunqing Ma. Cybersecurity, 2025, Issue 1, pp. 227-246 (20 pages)
Researchers usually detect insider threats by analyzing user behavior. The time information of user behavior is an important concern in internal threat detection. Existing works on insider threat detection fail to make full use of the time information, which leads to their poor detection performance. In this paper, we propose a novel behavioral feature extraction scheme: we implicitly encode absolute time information in the behavioral feature sequences and use a feature sequence construction method taking covariance into account to make our scheme adaptive to users. We select Stacked Bidirectional LSTM and Feedforward Neural Network to build a deep learning-based insider threat detection model: Behavior Rhythm Insider Threat Detection (BRITD). BRITD is universally applicable to various insider threat scenarios, and it has good insider threat detection performance: it achieves an AUC of 0.9730 and a precision of 0.8072 with the CMU CERT dataset, which exceeds all baselines.
Keywords: insider threat detection; Behavior pattern mining; Time information; User adaptive; Deep learning