Detecting Insider Threats in Cyber Security Using Unsupervised Graph Convolution

Abstract

In this paper, we propose an unsupervised anomaly detection method using user feature embedding by graph convolution to detect insider threats in the field of cyber security.In recent years, research on insider threat detection using machine learning has been conducted in the field of cyber security.In general, supervised learning is used for detection. However, in real-world data, only a few of them have correct labels. Therefore, supervised learning is difficult.In this study, we used unsupervised learning for insider threat detection.And we construct a graph from the dataset and show that the accuracy can be improved by embedding features using graph convolution.For evaluation experiments, by analyzing the dataset, we discovered differences from real-world data and defined a more realistic problem setting.