Insider threat detection approach for tobacco industry based on heterogeneous graph embedding |
| |
| Affiliation: | 1.Information Center,China Tobacco Zhejiang Industrial Co.,Ltd.,Hangzhou 310024,P.R.China;2.Hangzhou Cigarette Factory,China Tobacco Zhejiang Industrial Co.,Ltd.,Hangzhou 310024,P.R.China;3.College of Information Engineering,Zhejiang University of Technology,Hangzhou 310014,P.R.China |
| |
| Abstract: | In the tobacco industry,insider employee attack is a thorny problem that is difficult to detect.To solve this issue,this paper proposes an insider threat detection method based on heterogeneous graph embedding.First,the interrelationships between logs are fully considered,and log entries are converted into heterogeneous graphs based on these relationships.Second,the heterogeneous graph embedding is adopted and each log entry is represented as a low-dimensional feature vector.Then,normal logs and malicious logs are classified into different clusters by clustering algorithm to identify malicious logs.Finally,the effectiveness and superiority of the method is verified through experi-ments on the CERT dataset.The experimental results show that this method has better performance compared to some baseline methods. |
| |
| Keywords: | insider threat detection advanced persistent threats graph construction hetero-geneous graph embedding |
| 本文献已被 万方数据 等数据库收录! |
|
