Deep Learning for Insider Threat Detection

Insiders are malicious people within organizations who abuse their authorized access in a manner that compromises the confidentiality, integrity, or availability of information systems. Attacks from insiders are hard to detect and can cause significant loss to organizations. Although insider threat detection has been studied for a long time, traditional machine learning-based detection approaches rely heavily on feature engineering and struggle to accurately capture the behavioral differences between insiders and normal users, because insider threats are dynamic and adaptive. This project aims to develop novel deep learning approaches that detect insider threats from complex user behavior data.


People

  • Shuhan Yuan
  • Xiao Han
  • He Cheng

Publications

  • Shuhan Yuan and Xintao Wu. “Deep Learning for Insider Threat Detection: Review, Challenges and Opportunities”. Computers & Security, 2021. [link] [arxiv]

  • Haixuan Guo, Shuhan Yuan and Xintao Wu. “LogBERT: Log Anomaly Detection via BERT”. In the Proceedings of the International Joint Conference on Neural Networks (IJCNN), 2021. [arxiv] [code]

  • Xiao Han and Shuhan Yuan. “Unsupervised Cross-system Log Anomaly Detection via Domain Adaptation.” In the Proceedings of the 30th ACM International Conference on Information and Knowledge Management (CIKM), 2021. (short paper) [link] [code]

  • Panpan Zheng, Shuhan Yuan, and Xintao Wu. 2021. “Using Dirichlet Marked Hawkes Processes for Insider Threat Detection.” Digital Threats: Research and Practice 3, 1, Article 5 (March 2022), 19 pages. [link] [code]

  • Xiao Han, He Cheng, Depeng Xu, and Shuhan Yuan. “InterpretableSAD: Interpretable Anomaly Detection in Sequential Log Data.” In the Proceedings of 2021 IEEE International Conference on Big Data (BigData), 2021. [link] [code]

  • M.S. Vinay, Shuhan Yuan and Xintao Wu. “Contrastive Learning for Insider Threat Detection.” In the Proceedings of the 27th International Conference on Database Systems for Advanced Applications (DASFAA), 2022. (short paper). [link]

  • He Cheng, Depeng Xu, and Shuhan Yuan. “Sequential Anomaly Detection with Local and Global Explanations.” In the Proceedings of the 2022 IEEE International Conference on Big Data (BigData), 2022.

  • Xiao Han, Depeng Xu, Shuhan Yuan and Xintao Wu. “Few-shot Anomaly Detection and Classification Through Reinforced Data Selection.” In the Proceedings of the 22nd IEEE International Conference on Data Mining (ICDM), 2022.

  • Xingyi Zhao, Lu Zhang, Depeng Xu, and Shuhan Yuan. “Generating Textual Adversaries with Minimal Perturbation.” In the Findings of the 2022 Conference on Empirical Methods in Natural Language Processing (EMNLP), Short Paper Track, 2022. [arxiv] [code]


Acknowledgements

This material is based upon work supported by the National Science Foundation under Grant No. 2103829. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.