Few-shot Insider Threat Detection

Shuhan Yuan, Panpan Zheng, Xintao Wu, Hanghang Tong

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Insiders cause significant cyber-security threats to organizations. Due to a very limited number of insiders, most of the current studies adopt unsupervised learning approaches to detect insiders by analyzing the audit data that record information about employees' activities. However, in practice, we do observe a small number of insiders. How to make full use of these few observed insiders to improve a classifier for insider threat detection is a key challenge. In this work, we propose a novel framework combining the idea of self-supervised pre-training and metric-based few-shot learning to detect insiders. Experimental results on insider threat datasets demonstrate that our model outperforms the existing anomaly detection approaches by only using a few insiders.

Original language: English (US)
Title of host publication: CIKM 2020 - Proceedings of the 29th ACM International Conference on Information and Knowledge Management
Publisher: Association for Computing Machinery
Pages: 2289-2292
Number of pages: 4
ISBN (Electronic): 9781450368599
State: Published - Oct 19 2020
Event: 29th ACM International Conference on Information and Knowledge Management, CIKM 2020 - Virtual, Online, Ireland
Duration: Oct 19 2020 to Oct 23 2020

Publication series

Name: International Conference on Information and Knowledge Management, Proceedings

Conference

Conference: 29th ACM International Conference on Information and Knowledge Management, CIKM 2020
Country: Ireland
City: Virtual, Online
Period: 10/19/20 to 10/23/20

Keywords

  • cyber-security
  • few-shot learning
  • insider threat detection

ASJC Scopus subject areas

  • Business, Management and Accounting (all)
  • Decision Sciences (all)
