Title | An Insider Threat Detection Method Based on Heterogeneous Graph Embedding |
Publication Type | Conference Paper |
Year of Publication | 2022 |
Authors | Zheng, Chaofan; Hu, Wenhui; Li, Tianci; Liu, Xueyang; Zhang, Jinchan; Wang, Litian |
Conference Name | 2022 IEEE 8th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS) |
Date Published | May |
Keywords | Behavioral sciences, Big Data, Computational modeling, Conferences, Data models, feature extraction, graph embedding, Heterogeneous Graph of employees' logs, Human Behavior, human factors, insider threat, Insider Threat Detection, insider threats, ITDD Model, machine learning, Metrics, Policy Based Governance, policy-based governance, pubcrawl, resilience, Resiliency |
Abstract | Insider threats have high risk and concealment characteristics, which makes traditional anomaly detection methods less effective in insider threat detection. Existing detection methods ignore the logical relationship between user behaviors and the consistency of behavior sequences among homogeneous users, resulting in poor model effects. We propose an insider threat detection method based on internal user heterogeneous graph embedding. Firstly, according to the characteristics of CERT data, comprehensively consider the relationship between users, the time sequence, and logical relationship, and construct a heterogeneous graph. In the second step, according to the characteristics of heterogeneous graphs, the embedding learning of graph nodes is carried out according to random walk and Word2vec. Finally, we propose an Insider Threat Detection Design (ITDD) model which can map and the user behavior sequence information into a high-dimensional feature space. In the CERT r5.2 dataset, compared with a variety of traditional machine learning methods, the effect of our method is significantly better than the final result. |
DOI | 10.1109/BigDataSecurityHPSCIDS54978.2022.00013 |
Citation Key | zheng_insider_2022 |