JOURNAL ARTICLE

A Graph Convolution Neural Network Based Method for Insider Threat Detection

Abstract

In this research, we propose Log2Graph, a new insider threat detection method based on a graph convolution neural network (GCN). The method first retrieves the corresponding logs and features from log files through feature extraction. Specifically, we use an auxiliary anomaly index feature to describe the relationship between entities, such as users and hosts, instead of establishing complex connections between them. Second, these logs and features are augmented through a combination of oversampling and downsampling to prepare for the next-stage supervised learning process. Third, we use three elaborated rules to construct the graph of each user by connecting the logs according to their chronological and logical relationships. Finally, the constructed graph convolution neural network is used to detect insider threats. Our validation and evaluation results confirm that Log2Graph can greatly improve the performance of detecting insider threats compared with baseline and existing methods.

Keywords:
Computer science, Upsampling, Graph, Insider threat, Feature extraction, Convolution (computer science), Data mining, Artificial intelligence, Artificial neural network, Pattern recognition (psychology), Convolutional neural network, Insider, Feature (linguistics), Theoretical computer science

Metrics

Cited By: 13
FWCI (Field Weighted Citation Impact): 2.79
Refs: 46
Citation Normalized Percentile: 0.86

Topics

Software System Performance and Reliability
Physical Sciences →  Computer Science →  Computer Networks and Communications
Anomaly Detection Techniques and Applications
Physical Sciences →  Computer Science →  Artificial Intelligence
Network Security and Intrusion Detection
Physical Sciences →  Computer Science →  Computer Networks and Communications