A High Accuracy and Adaptive Anomaly Detection Model With Dual-Domain Graph Convolutional Network for Insider Threat Detection
IEEE Transactions on Information Forensics and Security (IF 6.8), Pub Date: 2023-02-14, DOI: 10.1109/tifs.2023.3245413
Ximing Li¹, Xiaoyong Li¹, Jia Jia¹, Linghui Li¹, Jie Yuan¹, Yali Gao¹, Shui Yu²
Insider threats are destructive and easy to conceal, which makes addressing them a challenging task in cybersecurity. Most existing methods transform user behavior into sequential information and analyze that behavior while neglecting the structural information among users, resulting in high false-positive rates. To solve this problem, in this paper we propose the Dual-Domain Graph Convolutional Network (DD-GCN), a graph-based modularized method for high-accuracy and adaptive insider threat detection. The central idea is to convert user features and structural information into heterogeneous graphs according to various relationships, so that user behavior and user relationships are taken into account together. To this end, a weighted feature similarity mechanism balances the feature similarity of users against the original linkages among them, generating a fused structure. Next, specific graph embeddings are extracted from the original topology structure and the fused structure simultaneously, converting behavior information into high-level representations. Furthermore, an attention mechanism learns adaptive importance weights for the user's features in the corresponding embedding. Combination and difference constraints are proposed to enhance the commonality of the learned embeddings and their ability to capture different information. Extensive experiments on two real-world datasets clearly show that the proposed DD-GCN extracts the most correlated information from the structural topology and the feature information, and achieves improved accuracy by a clear margin.
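As an added illustration of the fused-structure step (this is example code, not from the paper; the abstract does not give the exact similarity measure or fusion rule), the following Python builds a k-nearest-neighbour cosine-similarity graph over constructed user behaviour features and mixes it with the original linkages using a weight alpha. The feature vectors, the edge list, the cosine measure, the kNN rule and the linear mixing are all assumptions.

```python
from math import sqrt

# Constructed toy input (not from the paper): per-user behaviour feature
# vectors, e.g. counts of logons, file copies and emails sent in a window.
USER_FEATURES = {
    "u1": (3.0, 4.0, 0.0),
    "u2": (4.0, 3.0, 0.0),
    "u3": (0.0, 0.0, 5.0),
    "u4": (0.0, 4.0, 3.0),
    "u5": (5.0, 0.0, 0.0),
}
# Constructed original linkages among users (e.g. same team or shared
# resources); these form the original topology A.
ORIG_EDGES = [("u1", "u3"), ("u2", "u3"), ("u4", "u5"), ("u1", "u2")]


def cosine(a, b):
    """Cosine similarity of two feature vectors (0.0 if either is all-zero)."""
    dot = sum(x * y for x, y in zip(a, b))
    na, nb = sqrt(sum(x * x for x in a)), sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def feature_similarity_graph(features, k):
    """kNN feature graph S (assumed form): each user keeps its k most similar
    users with positive similarity; symmetrised so an edge exists if either
    side selected it. Entries not selected stay 0.0."""
    users = list(features)
    sim = {u: {v: cosine(features[u], features[v]) for v in users if v != u} for u in users}
    S = {u: {v: 0.0 for v in users if v != u} for u in users}
    for u in users:
        top = sorted((v for v in sim[u] if sim[u][v] > 0), key=lambda v: -sim[u][v])[:k]
        for v in top:
            S[u][v] = S[v][u] = sim[u][v]
    return S


def fuse_structure(features, edges, k=2, alpha=0.5):
    """Fused structure F = alpha*S + (1-alpha)*A (assumed linear mixing), where
    A is the original unweighted, symmetric topology. alpha balances behaviour
    similarity against original linkages; alpha=0 recovers A, alpha=1 gives S."""
    S = feature_similarity_graph(features, k)
    users = list(features)
    A = {u: {v: 0.0 for v in users if v != u} for u in users}
    for u, v in edges:
        A[u][v] = A[v][u] = 1.0
    return {u: {v: alpha * S[u][v] + (1 - alpha) * A[u][v] for v in S[u]} for u in users}


if __name__ == "__main__":
    F = fuse_structure(USER_FEATURES, ORIG_EDGES)
    for u in F:
        print(u, {v: round(w, 2) for v, w in F[u].items() if w > 0})
```

Pairs such as u1-u2 (similar behaviour and an original link) end up with high weight, while u1-u3 (linked but behaviourally dissimilar) keeps only the structural half, which is the balance the abstract describes.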

Updated: 2023-02-14