Graph Intelligence Enhanced Bi-Channel Insider Threat Detection
For an organization, insider intrusion generally poses far more detrimental threats than outsider intrusion. Traditionally, insider threat is detected by analyzing logged user behaviours and then establishing a binary classifier to distinguish malicious ones. However, most approaches consider user b...
| Published in | Network and System Security Vol. 13787; pp. 86-102 |
|---|---|
| Main Authors | Hong, Wei; Yin, Jiao; You, Mingshan; Wang, Hua; Cao, Jinli; Li, Jianxin; Liu, Ming |
| Format | Book Chapter | 
| Language | English | 
| Published | Switzerland, Springer, 2022 (Springer Nature Switzerland) |
| Series | Lecture Notes in Computer Science | 
| ISBN | 9783031230196 3031230191  | 
| ISSN | 0302-9743 1611-3349  | 
| DOI | 10.1007/978-3-031-23020-2_5 | 
| Abstract | For an organization, insider intrusion generally poses far more detrimental threats than outsider intrusion. Traditionally, insider threat is detected by analyzing logged user behaviours and then establishing a binary classifier to distinguish malicious ones. However, most approaches consider user behaviour in an isolated manner, inevitably missing the background information from organizational connections such as a shared supervisor or e-mail interactions. Consequently, the performance of those existing works still has the potential to be enhanced. In this paper, we propose a bi-channel insider threat detection (B-CITD) framework enhanced by graph intelligence to improve the overall performance of existing methods. Firstly, we extract behavioural features from a series of log files as the inner-user channel features. Secondly, we construct an organizational connection graph and extract topological features through a graph neural network (GNN) model as the inter-user channel features. In the end, the features from inner-user and inter-user channels are combined together to perform an insider threat detection task through a binary classification model. Experimental results on an open-sourced CERT 4.2 dataset show that B-CITD can enhance the performance of insider threat detection by a large margin, compared with using features only from inner-user or inter-user channels. We published our code on GitHub: https://github.com/Wayne-on-the-road/B-CITD. | 
    
|---|---|
| Author | Yin, Jiao; Li, Jianxin; Liu, Ming; Hong, Wei; You, Mingshan; Wang, Hua; Cao, Jinli |
    
| Author_xml | 1. Hong, Wei (ORCID 0000-0003-2833-9228); 2. Yin, Jiao (ORCID 0000-0002-0269-2624, jiao.yin@vu.edu.au); 3. You, Mingshan (ORCID 0000-0003-0958-528X); 4. Wang, Hua (ORCID 0000-0002-8465-0996); 5. Cao, Jinli (ORCID 0000-0002-0221-6361); 6. Li, Jianxin (ORCID 0000-0002-9059-330X); 7. Liu, Ming (ORCID 0000-0002-2160-6111) |
    
| Copyright | The Author(s), under exclusive license to Springer Nature Switzerland AG 2022 | 
    
| DEWEY | 005.8 | 
    
| Discipline | Mathematics Computer Science  | 
    
| EISBN | 3031230205 9783031230202  | 
    
| EISSN | 1611-3349 | 
    
| Editor | Alcaraz, Cristina; Majumdar, Suryadipta; Yuan, Xingliang; Bai, Guangdong |
    
| IsPeerReviewed | true | 
    
| IsScholarly | true | 
    
| LCCallNum | QA268 | 
    
| OCLC | 1356408262 | 
    
| ORCID | 0000-0003-2833-9228 0000-0002-9059-330X 0000-0002-0269-2624 0000-0002-2160-6111 0000-0003-0958-528X 0000-0002-0221-6361 0000-0002-8465-0996  | 
    
| PageCount | 17 | 
    
| PublicationPlace | Switzerland | 
    
| PublicationSubtitle | 16th International Conference, NSS 2022, Denarau Island, Fiji, December 9-12, 2022, Proceedings | 
    
| RelatedPersons | Hartmanis, Juris; Gao, Wen; Steffen, Bernhard; Bertino, Elisa; Goos, Gerhard; Yung, Moti |
    
| SubjectTerms | Graph neural networks; Insider threat; Supervised learning; Topological feature |
    