Fine Grained Insider Risk Detection

• URL: http://arxiv.org/abs/2411.02645v1
• Date: Mon, 04 Nov 2024 22:07:38 GMT
• Title: Fine Grained Insider Risk Detection
• Authors: Birkett Huber, Casper Neo, Keiran Sampson, Alex Kantchelian, Brett Ksobiech, Yanis Pavlidis,
• Abstract summary: We present a method to detect departures from business-justified among support agents. We apply our method to help audit millions of actions of over three thousand support agents.
• Score: 0.0
• License:
• Abstract: We present a method to detect departures from business-justified workflows among support agents. Our goal is to assist auditors in identifying agent actions that cannot be explained by the activity within their surrounding context, where normal activity patterns are established from historical data. We apply our method to help audit millions of actions of over three thousand support agents. We collect logs from the tools used by support agents and construct a bipartite graph of Actions and Entities representing all the actions of the agents, as well as background information about entities. From this graph, we sample subgraphs rooted on security-significant actions taken by the agents. Each subgraph captures the relevant context of the root action in terms of other actions, entities and their relationships. We then prioritize the rooted-subgraphs for auditor review using feed-forward and graph neural networks, as well as nearest neighbors techniques. To alleviate the issue of scarce labeling data, we use contrastive learning and domain-specific data augmentations. Expert auditors label the top ranked subgraphs as ``worth auditing" or ``not worth auditing" based on the company's business policies. This system finds subgraphs that are worth auditing with high enough precision to be used in production.

Related papers

• Deep Active Learning with Noisy Oracle in Object Detection [5.5165579223151795]
  We propose a composite active learning framework including a label review module for deep object detection. We show that utilizing part of the annotation budget to correct the noisy annotations partially in the active dataset leads to early improvements in model performance. In our experiments we achieve improvements of up to 4.5 mAP points of object detection performance by incorporating label reviews at equal annotation budget.
  arXiv  Detail & Related papers  (2023-09-30T13:28:35Z)
• On the relevance of APIs facing fairwashed audits [3.479254848034425]
  Recent legislation required AI platforms to provide APIs for regulators to assess their compliance with the law. Research has shown that platforms can manipulate their API answers through fairwashing. This paper studies the benefits of the joint use of platform scraping and of APIs.
  arXiv  Detail & Related papers  (2023-05-23T10:06:22Z)
• ReAct: Temporal Action Detection with Relational Queries [84.76646044604055]
  This work aims at advancing temporal action detection (TAD) using an encoder-decoder framework with action queries. We first propose a relational attention mechanism in the decoder, which guides the attention among queries based on their relations. Lastly, we propose to predict the localization quality of each action query at inference in order to distinguish high-quality queries.
  arXiv  Detail & Related papers  (2022-07-14T17:46:37Z)
• Learning to Detect Instance-level Salient Objects Using Complementary Image Labels [55.049347205603304]
  We present the first weakly-supervised approach to the salient instance detection problem. We propose a novel weakly-supervised network with three branches: a Saliency Detection Branch leveraging class consistency information to locate candidate objects; a Boundary Detection Branch exploiting class discrepancy information to delineate object boundaries; and a Centroid Detection Branch using subitizing information to detect salient instance centroids.
  arXiv  Detail & Related papers  (2021-11-19T10:15:22Z)
• A2Log: Attentive Augmented Log Anomaly Detection [53.06341151551106]
  Anomaly detection becomes increasingly important for the dependability and serviceability of IT services. Existing unsupervised methods need anomaly examples to obtain a suitable decision boundary. We develop A2Log, which is an unsupervised anomaly detection method consisting of two steps: Anomaly scoring and anomaly decision.
  arXiv  Detail & Related papers  (2021-09-20T13:40:21Z)
• WSSOD: A New Pipeline for Weakly- and Semi-Supervised Object Detection [75.80075054706079]
  We propose a weakly- and semi-supervised object detection framework (WSSOD) An agent detector is first trained on a joint dataset and then used to predict pseudo bounding boxes on weakly-annotated images. The proposed framework demonstrates remarkable performance on PASCAL-VOC and MSCOCO benchmark, achieving a high performance comparable to those obtained in fully-supervised settings.
  arXiv  Detail & Related papers  (2021-05-21T11:58:50Z)
• Mining Knowledge Graphs From Incident Reports [3.3395585414528663]
  Incident reports filed by customers are largely unstructured making diagnosis or mitigation non-trivial. We present an approach to mine and score binary entity relations from co-occurring entity pairs. We construct knowledge graphs automatically and show that the implicit knowledge in the graph can be used to rank relevant entities for distinct incidents.
  arXiv  Detail & Related papers  (2021-01-15T04:15:26Z)
• Temporal Action Detection with Multi-level Supervision [116.55596693897388]
  We introduce the Semi-supervised Action Detection (SSAD) task with a mixture of labeled and unlabeled data. We analyze different types of errors in the proposed SSAD baselines which are directly adapted from the semi-supervised classification task. We incorporate weakly-labeled data into SSAD and propose Omni-supervised Action Detection (OSAD) with three levels of supervision.
  arXiv  Detail & Related papers  (2020-11-24T04:45:17Z)
• Weakly-supervised Salient Instance Detection [65.0408760733005]
  We present the first weakly-supervised approach to the salient instance detection problem. We propose a novel weakly-supervised network with three branches: a Saliency Detection Branch leveraging class consistency information to locate candidate objects; a Boundary Detection Branch exploiting class discrepancy information to delineate object boundaries; and a Centroid Detection Branch using subitizing information to detect salient instance centroids.
  arXiv  Detail & Related papers  (2020-09-29T09:47:23Z)
• ADSAGE: Anomaly Detection in Sequences of Attributed Graph Edges applied to insider threat detection at fine-grained level [0.5134435281973136]
  We introduce ADSAGE to detect anomalies in audit log events modeled as graph edges. Our method is the first to perform anomaly detection at edge level while supporting both edge sequences and attributes. We evaluate ADSAGE on authentication, email traffic and web browsing logs from the CERT insider threat datasets.
  arXiv  Detail & Related papers  (2020-07-14T12:05:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.