Few-shot Insider Threat Detection

Shuhan Yuan; Panpan Zheng; Xintao Wu; Hanghang Tong

doi:10.1145/3340531.3412161

Few-shot Insider Threat Detection

Shuhan Yuan, Panpan Zheng, Xintao Wu, Hanghang Tong

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Insiders cause significant cyber-security threats to organizations. Due to a very limited number of insiders, most of the current studies adopt unsupervised learning approaches to detect insiders by analyzing the audit data that record information about employees' activities. However, in practice, we do observe a small number of insiders. How to make full use of these few observed insiders to improve a classifier for insider threat detection is a key challenge. In this work, we propose a novel framework combining the idea of self-supervised pre-training and metric-based few-shot learning to detect insiders. Experimental results on insider threat datasets demonstrate that our model outperforms the existing anomaly detection approaches by only using a few insiders.

Original language	English (US)
Title of host publication	CIKM 2020 - Proceedings of the 29th ACM International Conference on Information and Knowledge Management
Publisher	Association for Computing Machinery
Pages	2289-2292
Number of pages	4
ISBN (Electronic)	9781450368599
DOIs	https://doi.org/10.1145/3340531.3412161
State	Published - Oct 19 2020
Event	29th ACM International Conference on Information and Knowledge Management, CIKM 2020 - Virtual, Online, Ireland Duration: Oct 19 2020 → Oct 23 2020

Publication series

Name	International Conference on Information and Knowledge Management, Proceedings

Conference

Conference	29th ACM International Conference on Information and Knowledge Management, CIKM 2020
Country	Ireland
City	Virtual, Online
Period	10/19/20 → 10/23/20

Keywords

cyber-security
few-shot learning
insider threat detection

ASJC Scopus subject areas

Business, Management and Accounting(all)
Decision Sciences(all)

Access to Document

10.1145/3340531.3412161

Fingerprint Dive into the research topics of 'Few-shot Insider Threat Detection'. Together they form a unique fingerprint.

Cite this

Few-shot Insider Threat Detection. / Yuan, Shuhan; Zheng, Panpan; Wu, Xintao; Tong, Hanghang.

CIKM 2020 - Proceedings of the 29th ACM International Conference on Information and Knowledge Management. Association for Computing Machinery, 2020. p. 2289-2292 (International Conference on Information and Knowledge Management, Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yuan, S, Zheng, P, Wu, X & Tong, H 2020, Few-shot Insider Threat Detection. in CIKM 2020 - Proceedings of the 29th ACM International Conference on Information and Knowledge Management. International Conference on Information and Knowledge Management, Proceedings, Association for Computing Machinery, pp. 2289-2292, 29th ACM International Conference on Information and Knowledge Management, CIKM 2020, Virtual, Online, Ireland, 10/19/20. https://doi.org/10.1145/3340531.3412161

@inproceedings{8e9974265c49432d957a034a1f5650de,

title = "Few-shot Insider Threat Detection",

abstract = "Insiders cause significant cyber-security threats to organizations. Due to a very limited number of insiders, most of the current studies adopt unsupervised learning approaches to detect insiders by analyzing the audit data that record information about employees' activities. However, in practice, we do observe a small number of insiders. How to make full use of these few observed insiders to improve a classifier for insider threat detection is a key challenge. In this work, we propose a novel framework combining the idea of self-supervised pre-training and metric-based few-shot learning to detect insiders. Experimental results on insider threat datasets demonstrate that our model outperforms the existing anomaly detection approaches by only using a few insiders.",

keywords = "cyber-security, few-shot learning, insider threat detection",

author = "Shuhan Yuan and Panpan Zheng and Xintao Wu and Hanghang Tong",

note = "Funding Information: This work was supported in part by NSF (1564250, 1946391) and the Department of Energy (DE-OE0000779).; 29th ACM International Conference on Information and Knowledge Management, CIKM 2020 ; Conference date: 19-10-2020 Through 23-10-2020",

year = "2020",

month = oct,

day = "19",

doi = "10.1145/3340531.3412161",

language = "English (US)",

series = "International Conference on Information and Knowledge Management, Proceedings",

publisher = "Association for Computing Machinery",

pages = "2289--2292",

booktitle = "CIKM 2020 - Proceedings of the 29th ACM International Conference on Information and Knowledge Management",

}

TY - GEN

T1 - Few-shot Insider Threat Detection

AU - Yuan, Shuhan

AU - Zheng, Panpan

AU - Wu, Xintao

AU - Tong, Hanghang

N1 - Funding Information: This work was supported in part by NSF (1564250, 1946391) and the Department of Energy (DE-OE0000779).

PY - 2020/10/19

Y1 - 2020/10/19

N2 - Insiders cause significant cyber-security threats to organizations. Due to a very limited number of insiders, most of the current studies adopt unsupervised learning approaches to detect insiders by analyzing the audit data that record information about employees' activities. However, in practice, we do observe a small number of insiders. How to make full use of these few observed insiders to improve a classifier for insider threat detection is a key challenge. In this work, we propose a novel framework combining the idea of self-supervised pre-training and metric-based few-shot learning to detect insiders. Experimental results on insider threat datasets demonstrate that our model outperforms the existing anomaly detection approaches by only using a few insiders.

AB - Insiders cause significant cyber-security threats to organizations. Due to a very limited number of insiders, most of the current studies adopt unsupervised learning approaches to detect insiders by analyzing the audit data that record information about employees' activities. However, in practice, we do observe a small number of insiders. How to make full use of these few observed insiders to improve a classifier for insider threat detection is a key challenge. In this work, we propose a novel framework combining the idea of self-supervised pre-training and metric-based few-shot learning to detect insiders. Experimental results on insider threat datasets demonstrate that our model outperforms the existing anomaly detection approaches by only using a few insiders.

KW - cyber-security

KW - few-shot learning

KW - insider threat detection

UR - http://www.scopus.com/inward/record.url?scp=85095862690&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85095862690&partnerID=8YFLogxK

U2 - 10.1145/3340531.3412161

DO - 10.1145/3340531.3412161

M3 - Conference contribution

AN - SCOPUS:85095862690

T3 - International Conference on Information and Knowledge Management, Proceedings

SP - 2289

EP - 2292

BT - CIKM 2020 - Proceedings of the 29th ACM International Conference on Information and Knowledge Management

PB - Association for Computing Machinery

T2 - 29th ACM International Conference on Information and Knowledge Management, CIKM 2020

Y2 - 19 October 2020 through 23 October 2020

ER -