Anomaly Detection with Graph Convolutional Networks for Insider Threat and Fraud Detection

Jiang, Jianguo; Chen, Jiuming; Gu, Tao; Choo, Kim‐Kwang Raymond; Liu, Chao; Yu, Min; Huang, Weiqing; Mohapatra, Prasant

doi:10.1109/milcom47813.2019.9020760

Cited by 107 publications

(40 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Public datasets/software GNN-based solutions Point anomaly Secure water treatment (SWaT), water distribution system (WADI), and critical infrastructure security showdown (CISS) datasets [123], [124], [125] Contextual anomaly SWaT, WADI and BATADAL datasets, as well as the Xcos software and epanetCPA toolbox [124], [125], [126], [127], [128] Collective anomaly LITNET-2020, M2M Using OPC UA, WUSTL-IIoT-2018 and KDD 1999 datasets, as well as the Xcos software and the epanetCPA tool [129], [130], [131] fault flaw overheat defect Fig. 6.…”

Section: Type Of Anomaliesmentioning

confidence: 99%

See 1 more Smart Citation

Graph Neural Networks for Anomaly Detection in Industrial Internet of Things

Dai

Tang

2022

IEEE Internet Things J.

132

View full text Add to dashboard Cite

The Industrial Internet of Things (IIoT) plays an important role in digital transformation of traditional industries towards Industry 4.0. By connecting sensors, instruments and other industry devices to the Internet, IIoT facilitates the data collection, data analysis, and automated control, thereby improving the productivity and efficiency of the business as well as the resulting economic benefits. Due to the complex IIoT infrastructure, anomaly detection becomes an important tool to ensure the success of IIoT. Due to the nature of IIoT, graph-level anomaly detection has been a promising means to detect and predict anomalies in many different domains such as transportation, energy and factory, as well as for dynamically evolving networks. This paper provides a useful investigation on graph neural networks (GNN) for anomaly detection in IIoTenabled smart transportation, smart energy and smart factory. In addition to the GNN-empowered anomaly detection solutions on point, contextual, and collective types of anomalies, useful datasets, challenges and open issues for each type of anomalies in the three identified industry sectors (i.e., smart transportation, smart energy and smart factory) are also provided and discussed, which will be useful for future research in this area. To demonstrate the use of GNN in concrete scenarios, we show three case studies in smart transportation, smart energy, and smart factory, respectively.

show abstract

Section: Type Of Anomaliesmentioning

confidence: 99%

“…2) GNN solutions to anomaly detection: Jiang et al [129] devised a GCN-based anomaly detection model that can capture the entities' properties and structural information between them into graphs. With the proposed model, both abnormal behaviors of individuals and the associated anomalous groups can be detected.…”

Section: Collectivementioning

confidence: 99%

Graph Neural Networks for Anomaly Detection in Industrial Internet of Things

Dai

Tang

2022

IEEE Internet Things J.

132

View full text Add to dashboard Cite

show abstract

“…The dataset also consists of ground truth information needed to validate the approaches. The CMU CERT dataset is the most popular dataset being used in almost all the recent works in insider threat analysis [42][43][44][45].…”

Section: Datasetmentioning

confidence: 99%

Image-Based Feature Representation for Insider Threat Classification

2020

View full text Add to dashboard Cite

Cybersecurity attacks can arise from internal and external sources. The attacks perpetrated by internal sources are also referred to as insider threats. These are a cause of serious concern to organizations because of the significant damage that can be inflicted by malicious insiders. In this paper, we propose an approach for insider threat classification which is motivated by the effectiveness of pre-trained deep convolutional neural networks (DCNNs) for image classification. In the proposed approach, we extract features from usage patterns of insiders and represent these features as images. Hence, images are used to represent the resource access patterns of the employees within an organization. After construction of images, we use pre-trained DCNNs for anomaly detection, with the aim to identify malicious insiders. Random under sampling is used for reducing the class imbalance issue. The proposed approach is evaluated using the MobileNetV2, VGG19, and ResNet50 pre-trained models, and a benchmark dataset. Experimental results show that the proposed method is effective and outperforms other state-of-the-art methods.

show abstract

“…However, it cannot resist attacks from the power utility (i.e., insider attacks). Such attacks can have devastating consequences, and are generally more challenging to detect and prevent [29]. As an insider attack may go undetected much longer than attacks from external sources, the consequences (e.g., legal and financial implications) will also be severe.…”

Section: Introductionmentioning

confidence: 99%

Fault-Tolerant Multisubset Aggregation Scheme for Smart Grid

Wang

Liu

Choo

2021

IEEE Trans. Ind. Inf.

Self Cite

View full text Add to dashboard Cite

As smart cities and nations are fast becoming a reality, so does the underpinning infrastructure such as smart grids. One particular challenge associated with smart grid implementation is the need to ensure privacy preserving multisubset data aggregation. Existing approaches generally require the collaboration of a trusted third party (TTP), which may not be practical. This also increases the threat exposure, as the attacker can now target the TTP who may be servicing several smart grid operators. Therefore, in this paper, a fault-tolerant multi-subset data aggregation scheme is proposed. Our scheme aggregates the total electricity consumption value,and obtains the number of users and the total electricity consumption in different numerical intervals, without relying on any TTP. Detailed system analysis shows that our scheme prevents the leakage of single data, as well as guarantees the efficiency when new user joins and existing user leaves. Findings from our evaluation also demonstrate that system robustness is achieved with negligible cost.

show abstract

Anomaly Detection with Graph Convolutional Networks for Insider Threat and Fraud Detection

Cited by 107 publications

References 13 publications

Graph Neural Networks for Anomaly Detection in Industrial Internet of Things

Graph Neural Networks for Anomaly Detection in Industrial Internet of Things

Image-Based Feature Representation for Insider Threat Classification

Fault-Tolerant Multisubset Aggregation Scheme for Smart Grid

Contact Info

Product

Resources

About