A fundamental problem in detecting threats to security by monitoring computer usage is the high number of false positives that are created when analyzing a large data set for anomalous behavior. We address the problem by modeling user behavior at multiple scales so as to allow for the identification potential insider threats from users' logged activity by tracking users' activity over time. In this work, we apply a novel method for representing user activity at multiple temporal scales to a dataset that contains malicious behavior. We report our detection results and discuss how a layered detection method may be advantageous for the discovery of specific types of malicious behavior.
展开▼