Abstract and keywords
Abstract:
Modern insider threat detection systems face the problem of analyzing heterogeneous digital footprint data: action sequences, textual communication, and employee relationship graphs. Existing monolithic architectures cannot efficiently process all data types within a single model. This paper proposes an original hybrid architecture combining an LSTM module for temporal sequence analysis, a Transformer module for text processing, and a Graph Attention Network for interaction graph modeling. The key novelty lies in a two-level attention system: at the first level (feature-level attention), each module forms its own representation with weight coefficients for feature significance; at the second level (decision-level attention), a cross-attention mechanism aggregates module outputs into an integrated risk score. Experiments on the CMU-CERT r4.2 dataset show that the proposed architecture outperforms monolithic solutions (F1 = 0.89 versus 0.82 for Isolation Forest and 0.85 for gradient boosting), while two-level attention ensures interpretability through visualization of each module's contribution. The obtained results can be used in building UEBA systems with explainability requirements.

Keywords:
hybrid neural networks, LSTM, Transformer, Graph Attention Network, two-level attention, UEBA, insider threats, explainable AI
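A sketch of the decision-level attention step described in the abstract, added here as an illustration and not taken from the paper's code: each module's output embedding is scored against a query vector, the softmax weights give the per-module contribution used for interpretability, and the weighted sum is mapped to a risk score. The single-query simplification of cross-attention, the embedding size, and all vectors and parameters (`QUERY`, `W_OUT`, `BIAS`, the two sample users) are assumptions constructed for the example.

```python
import math

def softmax(xs):
    m = max(xs)                               # subtract max for numerical stability
    es = [math.exp(x - m) for x in xs]
    total = sum(es)
    return [e / total for e in es]

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def decision_level_attention(module_outputs, query, w_out, bias):
    """Fuse per-module embeddings into one risk score.

    module_outputs: dict of module name -> embedding (all of dimension d)
    query, w_out, bias: parameters that would be learned; constructed here
    Returns (risk in (0, 1), dict of module name -> attention weight).
    """
    names = list(module_outputs)
    d = len(query)
    # Scaled dot-product score of each module's output against the query
    scores = [dot(module_outputs[n], query) / math.sqrt(d) for n in names]
    weights = softmax(scores)
    # Attention-weighted sum of module embeddings
    fused = [sum(w * module_outputs[n][i] for w, n in zip(weights, names))
             for i in range(d)]
    risk = 1.0 / (1.0 + math.exp(-(dot(fused, w_out) + bias)))
    return risk, dict(zip(names, weights))

# Constructed parameters and embeddings (hypothetical, not from the paper)
QUERY = [1.0, 0.5, -0.5, 1.0]
W_OUT = [1.5, 1.0, -1.0, 0.5]
BIAS = -1.0
SUSPICIOUS_USER = {                           # strong signal in the action sequence
    "lstm":        [2.0, 1.0, 0.0, 1.0],
    "transformer": [0.2, 0.1, 0.3, 0.0],
    "gat":         [1.0, 0.0, 0.5, 0.5],
}
BENIGN_USER = {                               # weak signal in every module
    "lstm":        [0.1, 0.0, 0.2, 0.1],
    "transformer": [0.0, 0.1, 0.1, 0.0],
    "gat":         [0.1, 0.1, 0.0, 0.0],
}

if __name__ == "__main__":
    for label, user in (("suspicious", SUSPICIOUS_USER), ("benign", BENIGN_USER)):
        risk, contrib = decision_level_attention(user, QUERY, W_OUT, BIAS)
        print(label, round(risk, 3), {k: round(v, 3) for k, v in contrib.items()})
```

The returned weight dictionary is what an analyst-facing UEBA view would plot to show which module drove an alert.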