1638 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL.
18, 2023
A High Accuracy and Adaptive Anomaly Detection
Model With Dual-Domain Graph Convolutional
Network for Insider Threat Detection
Ximing Li , Xiaoyong Li , Jia Jia , Graduate Student Member, IEEE, Linghui Li, Member, IEEE,
Jie Yuan , Member, IEEE, Yali Gao, Member, IEEE, and Shui Yu , Fellow, IEEE
Abstract— Insider threat is destructive and concealable, mak-
ing addressing it a challenging task in cybersecurity. Most exist-
ing methods transform user behavior into sequential information
and analyze user behavior while neglecting structural informa-
tion among users, resulting in high false positives. To solve
this problem, in this paper, we propose Dual-Domain Graph
Convolutional Network (referred to as DD-GCN), a graph-
based modularized method for high accuracy and adaptive
insider threat detection. The central idea is to convert user
features and structural information into heterogeneous graphs
in the light of various relationships and take user behavior
and relationship into account together. To this end, a weighted
feature similarity mechanism is applied to balance the feature
similarity of users and original linkages among them so as to
generate the fused structure. Next, specific graph embeddings
are extracted from the original topology structure and fused
structure simultaneously, which convert behavior information
into high-level representations. Furthermore, an attention mech-
anism is applied to learn the adaptive importance weights of the
user’s features in the corresponding embedding. The combination
and difference constraints are proposed to enhance the learned
embeddings’ commonality and the ability to capture different
information. Extensive experiments on two real-world datasets
clearly show that our proposed DD-GCN extracts the most
correlated information from structural topology and feature
information substantially, and achieves improved accuracy with
a clear margin.
Index Terms— Insider threat detection, anomaly detection,
graph convolutional network.
I. I NTRODUCTION
I NSIDER threat, as an essential research topic in cyber-
security, has become one of the main factors in numer-
ous cybersecurity incidents and caused significant losses to
Manuscript received 15 March 2022; revised 5 October 2022 and 5 January
2023; accepted 3 February 2023. Date of publication 14 February 2023; date
of current version 2 March 2023. This work was supported in part by the
National Natural Science Foundation of China under Grant 62202066, Grant
62102040, and Grant 62002028. The associate editor coordinating the review
of this manuscript and approving it for publication was Dr. Ragnar Thobaben.
(Corresponding author: Xiaoyong Li.)
Ximing Li, Xiaoyong Li, Jia Jia, Linghui Li, Jie Yuan, and Yali Gao
are with the Key Laboratory of Trustworthy Distributed Computing
and Service, Ministry of Education, Beijing University of Posts and
Telecommunications, Beijing 100876, China (e-mail: ximingli@bupt.edu.cn;
lixiaoyong@bupt.edu.cn; jiajia@bupt.edu.cn; lilinghui@bupt.edu.cn;
yuanjie@bupt.edu.cn; gaoyali@bupt.edu.cn).
Shui Yu is with the School of Computer Science, University of Technology
Sydney, Ultimo, NSW 2007, Australia (e-mail: shui.yu@uts.edu.au).
Digital Object Identifier 10.1109/TIFS.2023.3245413
1556-6021 © 2023 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See https://www.ieee.org/publications/rights/index.html for more information.
Authorized licensed use limited to: MIT Art Design and Technology University. Downloaded on February 01,2024 at 10:42:35 UTC from IEEE Xplore. Restrictions apply.
organizations in recent years. Compared with outsider threats,
insider threats are usually launched by insiders of the orga-
nization who already have the authorization to access the
information system and are familiar with enterprise internal
defense processes [1]. Insider attackers can remove footprints
after posing enterprise privacy or property in threat, which are
difficult for traditional anomaly detection schemes to discover.
Since insider attackers are familiar with the core secrets of the
company, the consequences of insider threats are often more
severe than those caused by external attackers [2], [3], [4].
This situation attracts more and more attention from academia.
Thus, deploying a cybersecurity approach to information sys-
tems to detect insider threats comprehensively is crucial.
A. Motivation
So far, researchers have done numerous works on insider
threat detection. Existing insider threat detection works are
divided into two categories. 1) The first type of typical
methods attempts to extract various insider threat patterns
and make anomaly detection about insider threats based on
prior knowledge. These techniques focus on establishing users’
behavior baseline to classify normal users against insider
threats via game theory [5], machine learning [6], etc., ana-
lyzing users’ behavior based on system logs (e.g., file access,
logon and logoff operations, removable device usage), and
adding the consideration of role attributes to form a real-time
monitoring system in the company. 2) Another group of
typical methods concentrates effort on transforming various
user behavior into sequence data (i.e., sequential relationships
among log entries), which hold temporal information of the
user. The rapid evolution of deep learning has recently brought
a new aspect to sequence processing techniques for insider
threat detection. Deep learning as a subfield of representation
learning has a powerful feature representing capability, which
can learn profound information and perform abstract and
accurate representation. Sequence processing techniques of
deep learning, including convolutional neural network (CNN)
and recurrent neural network (RNN), are widely applied to
learn knowledge according to the history behavior and analyze
the users’ future behavior. Essentially, these behavior-to-entry
methods simulate normal user behavior and mark a deviation
as an anomaly.
 LI et al.: HIGH ACCURACY AND ADAPTIVE ANOMALY DETECTION MODEL WITH DD-GCN
Although prior works on insider threat detection have made
exciting progress by extracting threat patterns and entirely
using user behavior information, they still have numerous
drawbacks. Methods proposed in prior works can effectively
block hackers and prevent intruders from attacking to some
extent, but they are often costly and occupy several system
resources. Similarly, much complicated and costly work is
deployed when facing high-dimension, complexity, hetero-
geneity, and sparsity situations. Moreover, it is too idealized
that existing methods identify anomalies by comparing them
with users’ daily normal behavior based on the assumption that
users’ daily behavior over time is relatively regular and steady
(logical relationships over days or weeks). Relationships can
provide valuable and essential information, similar to social
networks in our daily life, yet existing approaches ignore such
relationships in the insider threat detection task. At the same
time, current methods depend on a large number of labeled
data to ensure the model’s performance. However, collecting
enough labeled user information and malicious activities from
the organization is challenging in real-world scenarios due
to privacy concerns. Thus, maximizing the usage of circum-
scribed data is critical. In summary, we need to address the
following three problems: 1) How to capture different behavior
accurately under high-dimension, complexity, heterogeneity,
and sparsity situation. 2) How to integrate the relationship of
structural information (i.e., user interaction) with user behavior
features in an insider threat detection model. 3) How to use
limited labeled instances efficiently for insider threat tasks.
B. Our Designs and Contributions
To alleviate the aforementioned drawbacks, we propose a
novel graph-based model named Dual-Domain Graph Convo-
lutional Network (DD-GCN) for high accuracy and adaptive
insider threat detection. DD-GCN mainly consists of three
specialized modules to extract relationships, accurately capture
different behavior, and detect anomalies under limited labeled
data efficiently. First, a weighted feature similarity mechanism
is applied to construct users’ fused structure from the original
linkage network among users and integrate multiple relation-
ships, such as email communication, device, or file transform-
ing operations. Next, users’ behaviors are propagated over
the fused structure and the original topology graph to extract
embeddings in two domains with two specific convolutional
modules. Vectorized user behavior and operations based on the
embeddings are extracted from the original structural topol-
ogy and fused structural information simultaneously. Finally,
an attention mechanism is utilized to learn the importance
weights of the user’s features within two embeddings in
order to propagate them adaptively. In this way, insider threat
labels are able to supervise the learning process to adjust
the adaptive importance weights of users’ features in two
graphs and extract the most correlated information. Moreover,
we design combination and difference constraints to ensure
the common and disparity effect of the learned embeddings.
Meanwhile, the complete framework of the insider threat
detection system based on the Dual-Domain GCN algorithm
Authorized licensed use limited to: MIT Art Design and Technology University. Downloaded on February 01,2024 at 10:42:35 UTC from IEEE Xplore. Restrictions apply.
1639
is provided. In summary, we highlight our contributions as
follows:
• By leveraging feature similarity and original linkage,
a weighted feature similarity mechanism for insider threat
detection is applied to balance user behavior and original
linkage information, and translate users’ log entries into
heterogeneous graphs. The weighted feature similarity
mechanism calculates the feature similarity among users
and extracts latent structural information, which holds
users’ specific behavior information and maximizes the
usage of labeled samples. As a result, various structural
information can be fully quantified and discovered.
• We propose the DD-GCN, a two-domain and two convo-
lutional operations graph-based model for high accuracy
and adaptive insider threat detection, which takes into
account of structural relationships and feature informa-
tion. The fused structural information as a bonus com-
ponent for the final result. Furthermore, an attention
mechanism is applied to learn the different importance of
related nodes to capture behavior differences adaptively.
The model aggregates different scale information and
achieves improved insider threat detection accuracy.
• Two constraints, i.e., the combination constraint and
the difference constraint, are designed for insider threat
detection to ensure the consistency and disparity of the
learned embeddings to enhance their commonality and
the ability to capture different scale information.
• Our evaluation of the proposed model on public insider
threat datasets illustrates that our proposed model
achieves improved detection accuracy of 98.65% and out-
performs state-of-the-art techniques with a clear margin.
The rest of the article is organized as follows. In Section II,
we will review related works of insider threat detection
and the application of Graph Convolutional Network (GCN).
In Section III, we elaborate Dual-Domain GCN model and
insider threat detection framework based on it. The perfor-
mance evaluation results are reported in Section IV, and we
conclude and prospect our work in Section V.
II. R ELATED W ORK
Insider threat is an in-depth investigation problem that
causes severe damage to enterprises. Scholars work on plenty
of studies for insider threat detection and prevention. In this
section, we will review related works on insider threat detec-
tion and the application of Graph Convolutional Network.
A. Insider Threat Detection
Insider threats have received significant attention for a long
time as one of the most challenging cyberattacks to counter.
One of the most typical methods of existing paradigms [8],
[9], [10], [11], [12] extracts and transforms user behavior
features, including email communication, network activity,
file access, and personal computer, into machine learning
models to identify malicious sessions and events. Features
for enterprise situations also contain logon/logoff information,
printer, and device connection. The data used for insider threat
detection are often heterogeneous and sparsity, making feature
 1640
extracting-based approaches time-consuming, complicated and
hindering practical deployment.
Another group of typical approaches converts log informa-
tion into sequential data and then analyzes user behavior. Min
Du et al. [13] design an anomaly detection method based on
LSTM named DeepLog. DeepLog uses system log keywords
and different types of anomalies in log entries. Tuor et al. [14]
propose a stacked LSTM structure to capture user actions and
utilize user activity log-likelihoods as the anomalous scores
to identify insider threat sessions. Instead of relying only
on the activity type, Yuan et al. [15] utilize file uploading
and web browsing activities for insider threat detection and
propose a hierarchical neural temporal point processes model,
which generates an anomalous score based on the differences
between test and normal activities in terms of activity types
and occurrence time. Shen et al. [16] leverage RNN to predict
a user’s upcoming action to identify an anomaly user. If no sig-
nificant disparities are detected between the prediction findings
and the user’s activities, the user is identified as a regular user.
Otherwise, malicious activities are identified. Hu et al. [17]
propose a CNN-based user authentication approach to detect
insider threats by evaluating mouse bio-behavioral traits. The
proposed approach utilizes a picture to show how users move
their controllers. If ID theft is committed, the user’s controllers
actions will differ from those of the authorized user. Although
sequence processing models improve insider threat detection
significantly, they always neglect the interaction information
among users, which can provide indispensable information for
insider threat identification.
Recently, graph data structures have been widely deployed,
which are able to represent the interaction among users effec-
tively. Oka et al. [18] convert user-system interaction into a
bipartite graph and use an unsupervised learning framework
to evaluate whether a potential insider threat is triggered after
an incident shows a clear correlation between precipitation
with significant anomalies. Jiang et al. [19] adopt GCN model
for insider threat detection. It is reasonable to utilize a graph
structure to represent the interdependencies among users since
individuals in an organization frequently contact one another
via Email. The proposed model also uses profound user
profiles as the feature vectors of nodes. Liu et al. [20] propose
a heterogeneous graph embedding model, named Log2vec,
to encode activity linkages. Log2vec first creates a heteroge-
neous graph from audit data by representing varied activities
as nodes and profound relationships between activities as
edges. Then, Log2vec distinguishes malicious and benign
activity into different groups and identifies insider threats by
applying a clustering algorithm to node embeddings. Graph
data-based methods above are built on normal user behavior
patterns and compare or predict them with new behavior to
identify anomalies. Different from the idea of [19] and [20],
our proposed DD-GCN transforms user feature behavior and
relationship into graphs and uses specific domain embed-
dings to extract latent information. Except for the relevant
user behavior transformation patterns, DD-GCN exploits two
domains to explore users’ latent information and applies an
attention mechanism to learn the corresponding importance
weights of user behavior under different domains adaptively.
Authorized licensed use limited to: MIT Art Design and Technology University. Downloaded on February 01,2024 at 10:42:35 UTC from IEEE Xplore. Restrictions apply.
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 18, 2023
In addition to typical detection models mentioned above,
tracking systems are applied to monitor and analyze activities
of the system for insider threat detection [21], [22], [23]. Our
proposed DD-GCN differs from these tracking systems in two
ways. First, most tracking systems aim to prevent attack foren-
sics, not cyber threat detection. Second, these tracking systems
usually apply causal graphs to track the flow of operations
processes and interactions, such as IPC syscall operating on
pipes. Our proposed DD-GCN analyzes the log information
that records users’ behavior in an information system and
captures multiple relationships among log information that
reflect user features, such as removable devices connection
history or website browsing contents.
B. Graph Convolutional Network
With the development of Represent Learning and Graph
Embedding techniques, Graph Convolutional Networks have
attracted much attention and are widely studied [24], [25],
[26]. Bruna et al. [27] first apply graph Laplacian to graph
convolution in the Fourier domain. Defferrard et al. [28]
assume the Laplace transform from the Chebyshev expansion
graph, improving the efficiency. Kipf et al. [7] simplify the
convolution operation and recommend that only single-hop
neighbor node features are aggregated. GraphSage [29] aggre-
gates node features from the local neighbors with mean, max,
or LSTM pooling. Graph Attention network [30] outlines the
node that should be paid attention to by learning the weight of
the node feature mechanism. Pei et al. [31] design Geom-GCN
that applies the structural similarity to collect long-range
disassortative graphs. Xu et al. [32] propose Graph Wavelet
Neural Network (GWNN), which modifies the GCN model
by replacing the eigenvectors with wavelet bases to improve
efficiency. Monti et al. [33] propose MoNet, which provides a
unified generalization of graph convolutional structure in the
spatial domain. Most current GCN variants mainly concentrate
on propagating node features on the topology to learn graph
embedding for detection or classification tasks. They aim to
design the aggregation function of neighbor nodes for message
passing patterns.
Conversely, some studies question and analyze the propagat-
ing mechanism of GCN. Li et al. [34] show that GCN actually
carries out Laplacian debugging on node attributes so that the
nodes embedded in the entire network gradually converge. Nt
et al. [35] and Wu et al. [36] show that when performance
information is propagated through the network topology, the
topology plays a role in the low-frequency filtering of node
attributes. Using only low-frequency information under differ-
ent conditions is limited. Based on this, Deyu et al. [37] pro-
pose a Frequency Adaptation Graph Convolutional Networks
(FAGCN) based on a self-gating mechanism. The core idea
lies in implementing adaptive convolution of frequency infor-
mation graphs. They also analyze the role of low-frequency
and high-frequency information in learning node feature rep-
resentation. Also, Wu et al. [38] provide an elaborate review
of GCN. For now, it is still being determined whether GCN
can adaptively extract relevant information from node features
and topology structure for classification or detection tasks.
 LI et al.: HIGH ACCURACY AND ADAPTIVE ANOMALY DETECTION MODEL WITH DD-GCN
TABLE I
N OTATION
Therefore, our proposed DD-GCN takes a different perspective
that is extracting specific graph embeddings from structural
topology and feature information domains simultaneously.
III. P ROPOSED M ODEL : D UAL -D OMAIN G RAPH
C ONVOLUTIONAL N ETWORK
In this section, we will elaborate the framework of
Dual-Domain Graph Convolutional Network for insider threat
detection task and the detail of each module. For convenience,
the notations of this paper are summarized in Table I.
A. Dual-Domain Graph Convolutional Network
Problem Settings: We focus on semi-supervised insider
threat detection in an attributed graph G = (A, X ), where
A ∈ Rn×n is the symmetric adjacency matrix with n nodes.
Ai j = 1 represents an edge between node i and node j,
otherwise Ai j = 0. X is the feature matrix. The output
of DD-GCN is n × m matrix, where m is the number of
classification categories, and each node belongs to one of m
classes.
Consistent with recent research on the integrating mecha-
nism of GCN, although both node features and topology have
a high degree of direct correlation with node labels, GCN
cannot adaptively separate information from them. Therefore,
our idea is to take a different perspective: to propagate node
features not only in the topology domain but also in the feature
domain.
The overview framework of our Dual-Domain GCN is
illustrated in Fig. 1. The key idea behind Dual Domain-GCN
is that node features can be propagated in both the topology
Authorized licensed use limited to: MIT Art Design and Technology University. Downloaded on February 01,2024 at 10:42:35 UTC from IEEE Xplore. Restrictions apply.
1641
and feature domains. A topology mapping based on the
features of nodes is proposed. We construct adjacency and
feature matrices of the feature domain based on the original
structural information and fused feature information by a
weighted feature similarity function. Furthermore, we design
two convolution modules for the two specified domains. With
two convolution operations, the node feature X is able to be
propagated over both topology domain and feature domain
to learn corresponding embeddings Z T and Z F . Since the
classification result could associate with one of the topology
domain and feature domain or both, an attention mechanism
is applied to associate embedding information with learned
adaptive importance weights to extract the most relevant
information. Thus, the most related information is applied to
generate the final classification result Z .
1) Feature Domain Convolution Module: Traditionally, the
adjacency matrix of a GCN is fulfilled by 0 or 1 where
Ai j = 1 satisfies the connectivity if node i and node j are
linked, and Ai j = 0 otherwise. It is not trivial to define edge
only by the linkage information. Leveraging a simple topology
structure alone is not sufficient to describe the fusion process
either. Therefore, a comprehensive weighted feature similarity
method that takes advantage of edge linkage between nodes
and the relevance of their features is proposed to capture the
underlying structure information in the feature domain. The
quality of the relationship between nodes is measured by:
A F (i, j) = ω × Si, j + (1 − ω) × Ai j , (1)
where ω is a hyper-parameter between (0, 1) to balance the
connection and feature similarity between nodes. Si, j is a
similarity function that calculates the feature similarity of
two nodes, Ai j represents the original linkage of the nodes.
In order to calculate the adjacency matrix in the feature
domain A F (i, j) ∈ Rn×n , a similarity calculation mechanism
is provided to obtain structural information in the feature
domain. In fact, several methods can calculate the similarity
between two vectors, we list two popular ones here: cosine
similarity and Heat kernel. Cosine similarity leverages the
cosine of the angle between two vectors to calculate the
similarity, which is:
xi · x j
Si, j = cos(xi , x j ) = . (2)
|xi ||x j |
Heat Kernel similarity is calculated as follow:
∥xi −x j ∥2
Si, j = H eat (xi , x j ) = e− t , (3)
here t is the time parameter in the heat conduction equation,
and t = 2. A F (i, j) aims to explore potential connections
among users with similar features. We want to apply a
similarity function that can effectively explore the plausible
augmentation relations of users with similar behavior, while
disregarding the magnitude of their feature vectors. Since the
cosine similar function performs better with high-dimensional
data and puts aside the magnitude of feature vectors, which
is a match for the high-dimension nature of insider threat
information, we choose cosine similarity in our work to
generate A F (i, j). If A F (i, j) > 0.5, the edge between node i
 1642 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 18, 2023

Fig. 1. The architecture of Dual-Domain GCN. The input matrices are adjacency matrix A and feature matrix X . Adjacency matrix A represents the
linkage among nodes. Node feature X is to construct for the feature domain. DD-GCN consists of two convolution modules for topology domain and feature
domain and the attention mechanism. The adjacency matrix and feature matrix are generated by Equation 1 for the feature domain.

Algorithm 1 Calculate Adjacency Matrix A F for Feature adjacency matrix and feature matrix graph G t = (A T , X ),
Domain where A T = A. The l-th layer of topology embedding Z Tl
Input:Adjacency matrix:A; is calculated in the same way as that in the feature domain,
Input feature:X ; which is:
Feature vector:xi , ∀i ∈ V ;
−1 −1
Balance parameter:ω; Z Tl = σ ( D̃T 2 Ã T D̃T 2 Z Tl−1 WTl ), (5)
Output:Adjacency matrix for feature domain:A F
here, σ is the activation function, and ReLU is chosen as our
1: Initialize A F with zeros; activation function due to the low computational complexity
2: Initialize ω; and the non-exponential operation. D̃T is the diagonal degree
3: for node i, j ∈ V do matrix of à T . Specifically, we have à T = A T + IT , and IT is
4:
x ·x
Si, j ← cos(xi , x j ) = |xii||xjj | identify matrix. WTl is the weight matrix of l-th GCN in the
5: A F (i, j) ← ω × Si, j + (1 − ω) × Ai j topology domain. The last embedding in the topology domain
6: if A F (i, j) > 0.5 then is denoted as Z T .
7: A F (i, j) ← 1 3) Attention Mechanism: Since we have two specific
8: end if embeddings Z T and Z F , different node features contribute
9: end for differently to the detection result. Thus, an attention mecha-
Return:A F nism is applied to learn corresponding adaptive importance
weights. We concatenate two embeddings firstly and get
′ ′
Z cat ∈ Rn ×d×d , where n ′ is the number of nodes in two
and node j in the feature domain is established. The generation embeddings, i.e., n ′ = 2n. d is the number of features
of A F in the feature domain is summarized in Algorithm 1. applied in this section, and d ′ is the dimension of the feature
′
After the fused adjacency matrix in feature domain A F is information. For node i in the embedding Z cat , z i ∈ Rd×d is
generated, the input graph in the feature domain is G f = node i’s embedding vector in Z cat . The embedding of node
(A F , X ). Subsequently, l-th layer feature embedding Z lF can i is propagated through a nonlinear transformation, and a
be represented as: shared vector of attention q ∈ Rh×1 is applied to calculate
the attention values ξ i as follow:
−1 −1
Z lF = σ ( D̃ F 2 Ã F D̃ F 2 Z l−1
F W F ),
l
(4)
ξ i = q T σ (W (z i )T + b), (6)
where Z 0F= X , which is similar to Kipf’s graph convolution
kernel [7]. σ is the activation function, and we choose ReLU where σ is the activation function, and we choose tanh as
as our activation function because of the low computational the activation function for attention value calculation. W is
complexity, the non-exponential operation, and the ease of the weight matrix, and b is the bias vector. After that, the
learning optimization. D̃ F is the diagonal degree matrix of normalized attention value with the softmax function is applied
à F , here à F = A F + I F , and I F is identify matrix. W Fl is to get the final importance weight:
the weight matrix of l-th GCN in the feature domain. The last
exp ξ i j
 

embedding in the feature domain is denoted as Z F . In this α i j = softmax ξ i j = Pd . (7)
j=1 exp(ξ )
way, we can obtain the node embedding in the feature domain ij
that captures the specific fused information.
2) Topology Domain Convolution Module: For the topology The values of α i reflect the importance of node i within all
domain, the input of the convolution module is the original node features in these two domains for the corresponding

Authorized licensed use limited to: MIT Art Design and Technology University. Downloaded on February 01,2024 at 10:42:35 UTC from IEEE Xplore. Restrictions apply.
 LI et al.: HIGH ACCURACY AND ADAPTIVE ANOMALY DETECTION MODEL WITH DD-GCN 1643

embedding. Each embedding Z i is calculated as follow: normalize the different domain embeddings, which are denoted
X as Z T nor and Z Fnor . Then these two normalized matrices are
Zi = αi j · zi j . (8) applied to calculate the similarity denoted as ST and S F by:
j

The whole process of final embedding generation is sum- ST = Z T nor · Z TT nor , (9)
marized in Algorithm 2. S F = Z Fnor · T
Z Fnor . (10)

Algorithm 2 Node Embedding Generation of Dual-Domain The combination constrain is calculated by:
GCN
Input: Graph:G = (V, E); Lcomb = ∥ST − S F ∥2 , (11)
Input feature:X ; where ∥ · ∥2 is L 2 -normalization.
Weight matrix : W k , ∀k ∈ {1, . . . , K }; b) Difference constraint: For feature or topology embed-
Non-linearity:σ ; ding and combination embeddings, which we denote as
Balance parameter:ω; Z combT and Z combF for embedding Z T and Z F , respectively.
Feature vector:xi , ∀i ∈ V ; Z combT and Z combF are learned from the same graph as
Shared vector of attention:qTi ; Z T and Z F with shared parameters WCl . Thus, a difference
Bias:b. constraint is proposed to enhance them to learn different
Output:Final embedding Z information. Inspired by mutual information, Hilbert-Schmidt
1: Build adjacency (adj) matrix:A ← (V, E) Independence Criterion (HSIC) [39], an effective measure
2: Feature domain fused structure:A F (i, j) to calculate the independence of two vectors, is applied to
3: Feature domain graph generation:G F ← (A F , X ) enhance difference constraint in this work. Unlike mutual
4: Degree matrix of feature domain: D̃ F information, HSIC does not need to estimate the probability
5: Z 0F ← X density of two variables, and it transforms this process into
−1 −1
6: F WF )
Embedding:Z lF ← σ ( D̃ F 2 Ã F D̃ F 2 Z l−1 l a sampling form directly. Technically, the difference con-
7: Adj matrix for topology domain:A T ← A straint of topology embedding Z T and combination embedding
8: Topology domain graph generation:G T ← (A T , X ) Z combT are learned from the same graph, and the HSIC is
9: Degree matrix of topology domain: D̃T calculated as:
10: Z T0 ← X 1
−1 −1 H S I C(Z T , Z combT ) = tr (K T J K combT J ), (12)
l
11: Embedding:Z T ← Ã T D̃T 2 Z Tl−1 WTl )
σ ( D̃T 2 (n − 1)2
12: Concat two embeddings:Z cat ← Z T ||Z F
13: for node i ∈ V do where J = I − n1 and I is the n-level identify matrix. tr is
14: Node i’s embedding in Z cat :z i the trace of matrix. K T and K combT are Gram matrices and
15: Attention value:ξ i ← q T · tanh(W (z i )T + b) calculated as:
16: Adaptive
P importance weight:α i j ← so f tmax(ξ i j ) ∥x1 − x2 ∥22
Zi ← j α · zi j i j K (x1 , x2 ) = exp(− )(σ > 0), (13)
17: σ
18: end for
j
Return:Z where K T,i j = K T (z iT , z T ) and K combT,i j =
j
K combT (z combT , z combT ). z iT is the i-th node’s embedding in
i

the topology domain and z combTi stands for the same meaning.
4) Loss Function: In this section, we design two constraints
to enhance the effectiveness of our proposed model. Since the For the difference constraint in feature domain is calculated
information in these two domains has a combination effect, in the same way as topology domain:
i.e., node label related to both domains, combination constraint 1
is designed to improve this effect through a combination H S I C(Z F , Z combF ) = tr (K F J K combF J ). (14)
(n − 1)2
embedding calculated by two graph convolutional operations
via shared parameters. The difference constraint is intended to Thus, the difference constraint is denoted as Ldi f f is:
improve the disparity effect between two domain embeddings
and corresponding combination embedding. The generation of Ldi f f = H S I C(Z T , Z combT ) + H S I C(Z F , Z combF ). (15)
these two constraints is shown in Fig. 2. The loss function
c) Optimization function: The output embedding Z is
consists of two constraints and an optimization function.
used for multi-class classification with a linear transformation
a) Combination constraint: Generally speaking, the node
and a softmax function. The class prediction Ŷ of the node
classification results may be related to the information in both
can be calculated as follows:
the feature and topology domains. The combination constraint
is designed to enforce the commonality effect between these Ŷ = so f tmax(W Z + b), (16)
two domain embeddings and implies that the node label is
i)
related to both domains. Thus the combination embedding is here so f tmax(xi ) = Pexp(x . In this work, we choose cross-
i exp(xi )
learned with shared parameters WCl of two domain convolu- entropy loss for node classification overall training process.
tional operations as Eq 4 and 5. We utilize L 2 -normalization to Suppose the training set is L, each l ∈ L, the real label of

Authorized licensed use limited to: MIT Art Design and Technology University. Downloaded on February 01,2024 at 10:42:35 UTC from IEEE Xplore. Restrictions apply.
 1644
Fig. 2. Two constraints of Loss function. The two constraints in object
function are combination constraint lcomb and difference constraint ldi f f .
Combination constraint implies the topology and feature embedding learning
common information, and difference constraint improves disparity effect of
these two embeddings.
the training set is Yl and the predicted label is Ŷl . Thus, the
cross-entropy Lt is:
C Cloud service-related web pages, job hunting-related web
XX
Lt = − Yli ln Ŷli ,
l∈L i=1
here C is the predicted class of node. Combining combination
constraint, difference constraint, and cross-entropy loss, the
overall loss function is obtained by:
L = Lt + γ Lcomb + βLdi f f ,
where γ and β are the parameters of combination constraint
and difference constraint. The proposed DD-GCN is optimized
via backpropagation with the help of labeled data and the
learned embeddings of nodes for classification. In the next
part, we will briefly illustrate the framework of DD-GCN
based insider threat detection model.
B. Framework of Insider Threat Detection via Dual-Domain
GCN
As mentioned earlier, traditional insider threat detection
extracts user’s behavior information alone and ignores user
role-based relations or communication relationships such as
email communication, social media information, etc., which
could be essential information for insider threat detection.
In order to collect user features and connection information in
the task of insider threat detection, we transform user behavior
into graphs and apply DD-GCN to the insider threat detection
model. The framework of insider threat detection via DD-GCN
is shown in Fig. 3. This framework consists of four modules:
Input data module, Data Pre-processing module, DD-GCN
based detection module, and Output module.
Firstly, the system launches the sequence of user actions
and then transmits it to the Data Pre-processing module to
construct the graph. Graph nodes represent users or other
objects, and the edges between nodes represent the structural
information of these users. In order to obtain node features
and graph structure information, the system obtains node
Authorized licensed use limited to: MIT Art Design and Technology University. Downloaded on February 01,2024 at 10:42:35 UTC from IEEE Xplore. Restrictions apply.
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 18, 2023
information by extracting the behavior characteristics of users.
However, only establishing user connections and some features
could not achieve promising performance. We apply DD-GCN
to the insider threat detection application.
All the data collected from the Input module is trans-
formed to Data pre-processing module to be converted to a
graph-based format for DD-GCN detection module. The data
processing module will generate the graph’s adjacency matrix
and feature matrix. In this work, we extract user behavior
features from emails, websites, files, inputs, devices, etc.,
and use natural language processing (NLP) to collect features
based on user behavior content, providing a solid foundation
for describing node feature information. The list of brief
features is shown below:
• Work hour logon, off-work hour logon, weekend logon;
• File features, total files, photo files, txt files, document
files, exe files, zip files, and PC for files;
• Email features, email sent outside the organization, email
sent within the organization, average email size, email
receivers;
• Web browser features, the number of pages browsed,
pages, Wikileaks-related web pages, hacking-related web
(17)
pages.
For the structural information of these nodes, we do not
use direct communication relationships alone. The weighted
feature similarity mechanism of DD-GCN is applied to cal-
culate the similarity of user features and extract latent user
(18) connection information.
The output module classifies insider threat detection tasks
into four categories: normal scenario, data exfiltration, intel-
lectual property, and IT sabotage. To train the learnable
parameters of DD-GCN, we perform batch gradient descent
and use cross-entropy loss to evaluate during the training
phase.
In this work, we use insider threat detection as a domain
application example to demonstrate a detailed model for
building DD-GCN based insider threats detection model. Cre-
ating anomaly detection models in many other areas (such
as network traffic anomaly detection and fraud detection) is
similar to this example, with only a few changes in feature
extraction.
In the next section, we will demonstrate the effectiveness
of the proposed DD-GCN model in detecting insider threat
behavior in public datasets.
IV. P ERFORMANCE E VALUATION
We will evaluate our proposed DD-GCN insider threat
detection model on public datasets in this section. We begin
with brief information about the datasets, followed by a pre-
processing method to generate the input matrix for DD-GCN.
Next, we conduct ablation studies to examine the effectiveness
of DD-GCN, including components analysis and parameter
sensitivity study. Finally, the insider threat classification per-
formance of DD-GCN will be compared with other state-of-
the-art methods.
 LI et al.: HIGH ACCURACY AND ADAPTIVE ANOMALY DETECTION MODEL WITH DD-GCN 1645

Fig. 3. The framework of Insider Threat Detection via Dual-Domain GCN. This framework has four modules: input data module, data pre-processing
module, DD-GCN detection module, and output module. Input data module collects user behavior information; Data Pre-pressing module extracts specific
feature of each user and form adjacency matrix Ai and feature matrix X i ; DD-GCN detection module applies DD-GCN to generate node embeddings for
insider threat classification task. The architecture of DD-GCN will be introduced in section III-A. The origin adjacency matrix Ai is transformed to A f for
the feature domain, and the adjacency matrix for topology is the same as origin adjacency matrix; The Output module states the classification result.

TABLE II description of these activities is shown in Table II. To build

D ESCRIPTION OF CERT DATASET
A. Experiment Setup
1) Dataset: This work is performed on CERT insider
threat dataset [40], which is a publicly available dataset for
research, testing, development to help mitigate insider threats
and provides comprehensive behavioral observations of users
to model their behavior. There are various versions of the
CERT dataset, and the specific versions used in this work
are CERT r4.2 and r6.2. CERT r4.2 simulates a company
with 1,000 employees, 70 of whom are malicious insiders in
three threat scenarios. There are 32,770,227 activities in this
dataset, and 7,323 malicious activities are manually injected
by experts in insider threat detection task, representing three
insider threat scenarios discovered. CERT r4.2 involves several
categories of user behavior data, such as file access (creation,
modification, deletion, file name, file type, etc.), email sending
and receiving, device usage (mobile storage devices, printers,
etc.), HTTP access, system login, and also includes infor-
mation about the user’s job title and working departments.
CERT r6.2 simulates a company with 4,000 employees, 5 of
whom are malicious insiders in three threat scenarios. There
are 135,117,169 activities in this dataset and 470 malicious
activities are manually injected by experts.
The CERT dataset covers five different types of activities:
logon/logoff, email, device, file, and HTTP. The detailed
a model for users’ features extraction, we extract and review
the dataset to identify missing information such as user-to-
user relationships, user-to-PC relationships, regular working
hours, website, and file categories. Followed by Section III-B,
we analyze the detailed information of the log file, such as
timestamp, user ID, PC ID, operation details, etc., to generate
the feature matrix. The dataset we use mainly contains numer-
ous activity categories, which reflect the user’s operating habits
and can be applied to distinguish normal and malicious users
based on these activity tracks. We choose representative fea-
ture information (including Work hour/off-work hour/weekend
logon, web browsing contents, email communications, mobile
device transfer operations, file transfer operations, file cate-
gories, PC for files etc.) to generate the user behavior for
the feature matrix. To further evaluate our proposed model
in insider threat detection task, we chose 500 users with three
different label rates for the training set and 400 users as the
test set, and 100 users as the validation set. The label rate
means the percent of labeled data per category in the train-
ing data used for training the semi-supervised insider threat
detection model. Different labeling rates constitute different
ratios of labeled data samples, thus effectively forming a
semi-supervised learning scenario.
2) Parameter Setting: For our DD-GCN, we train different
domains with 2-layer GCN (hidden layer: nhid1 = 128,
nhid2 = 256). Adam optimizer with a learning rate between
{0.0001, 0.0005} is applied, and the dropout is 0.5. In addi-
tion, weight decay is {5e-3, 5e-8} and balance parameter of
feature domain ω is selected in {0.1, . . . , 0.9}. The coeffi-
cient of combination and difference constraint is selected in
{0.01, 0.001, 0.0001} and {1e-10, 5e-9, 1e-9, 5e-8}. We use
Accuracy (ACC) and macro F1-score (F1) to evaluate the
performance of our proposed model and baselines. All
experiments are conducted with Pytorch 1.1.0 [41] and
Python 3.6.8.
B. Ablation Studies
In this section, to examine the effectiveness of our proposed
model, we conduct a series of ablation experiments to compare

Authorized licensed use limited to: MIT Art Design and Technology University. Downloaded on February 01,2024 at 10:42:35 UTC from IEEE Xplore. Restrictions apply.
 1646 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 18, 2023

Fig. 4. Analysis of Attention Mechanism. The accuracy of DD-GCN

outperforms the variant without attention mechanism (DD-GCN-w/o-att) in
two datasets for all label rates.

the results of different components, attention mechanisms,

and correlation coefficients in this model with different label
rates. Moreover, accuracy is selected as a metric for evaluating
ablation experiments’ performance.
1) Analysis of Components: We compare different compo-
nents of DD-GCN on the CERT r4.2 and CERT r6.2 to validate
the effectiveness of the constraints and different domains. The
related parameters applied in this part are γ =0.001, β=5e-
8, ω=0.6. DD-GCN-w/o(T) is referred to DD-GCN without
constraints lcomb and ldi f f , and considers the topology domain
only. DD-GCN-w/o(F) considers the feature domain without
lcomb and ldi f f . DD-GCN with difference constraint ldi f f
alone is named as DD-GCN-Diff. DD-GCN with combination
constraint lcomb is denoted as DD-GCN-Comb.
From the results shown in Table III, we get the follow-
ing observations: with the label rate increase, each variant’s
accuracy increases. DD-GCN achieves the best accuracy of
98.26% and 98.65% with the label rate of 60%; DD-GCN Fig. 5. Analysis of Attention Distribution of Different Domains. The
is consistently superior to all the other four variants, demon- attention distribution of the feature domain is higher than the topology domain,
strating the effectiveness of combining these two constraint which verifies that the attention mechanism captures different information in
these two domains and sets corresponding importance weight.
options. The most relative growth of accuracy is 3.07% and
2.78%; Compared with DD-GCN-w/o, DD-GCN-Comb and
DD-GCN-Diff achieve better performance in all label rates,
which verifies the importance of these two constraints. And distribution of two domains is shown in Fig. 5. And the results
the most relative improvement accuracy of DD-GCN-w/o(T) of attention value of specific features are shown in Fig. 6.
reaches 2.44%; The superior results of DD-GCN-Comb over a) Attention effectiveness: The attention mechanism in
DD-GCN-Diff indicate that combination constraint performs DD-GCN extracts the most relevant information from the
better under the same situation, along with 0.54% and 0.49% topology domain and feature domain. The variant of DD-GCN
improvement in accuracy. Moreover, the performance of DD- without attention mechanism is denoted as DD-GCN-w/o-att,
GCN-w/o(F) is better than DD-GCN-w/o(T), indicating the and the accuracy results against DD-GCN for all label rates are
feature domain’s necessity and the effectiveness of our pro- shown in Fig. 4. We find that DD-GCN outperforms the variant
posed weighted feature similarity mechanism to generate the without attention mechanism on both datasets for all label
graph of the feature domain. rates, which verifies the effectiveness of the attention mecha-
2) Analysis of Attention Mechanism: We test the variant of nism. From the results of Fig. 4, Table IV and Table V, DD-
DD-GCN without attention mechanism and take the average GCN-w/o-att still achieves competitive performance against
importance weight value of the topology domain and feature other variants without attention mechanism, implying our
domain for performance comparison. framework is competitive.
Additionally, we analyze the distribution of attention of b) Attention distribution: DD-GCN learns two specific
two domains and specific features on both CERT r4.2 and embeddings in each domain. We first separate two domains
r6.2 datasets. DD-GCN learns two graph embeddings, and and examine attention distribution for CERT r4.2 and CERT
each node’s embedding within them will be associated with r6.2 in Fig. 5. As we can see, in Fig. 5(a), the attention
attention values. The parameters of this section are the same distribution of specific node embedding in the feature domain
as the ablation study (γ =0.001, β=5e-8, ω=0.6). The results is more significant than in the topology domain, which implies
of the attention effectiveness are shown in Fig. 4. Attention that the information in the feature domain is more important

Authorized licensed use limited to: MIT Art Design and Technology University. Downloaded on February 01,2024 at 10:42:35 UTC from IEEE Xplore. Restrictions apply.
 LI et al.: HIGH ACCURACY AND ADAPTIVE ANOMALY DETECTION MODEL WITH DD-GCN
TABLE III
VARIANTS C OMPARISON
Fig. 6. Analysis of Attention Values of Different Features. Together with
the insider scenarios in both datasets, the insider threat related features get
higher attention values than other session related features which implies the
attention mechanism assigns higher importance weight to crucial information.
than that in the topology domain on the corresponding dataset.
Meanwhile, for attention distribution in CERT r6.2 shown in
Fig. 5(b), the attention difference between topology and feature
domains is more noteworthy than in CERT r4.2. The reason
behind this could be that the anomaly user in CERT r6.2 is
Authorized licensed use limited to: MIT Art Design and Technology University. Downloaded on February 01,2024 at 10:42:35 UTC from IEEE Xplore. Restrictions apply.
1647
less than CERT r4.2. Thus, the feature of the user plays a
more significant role in insider threat detection.
For the insider threat detection task, the extracted informa-
tion of the feature domain is critical, contributing to better
results. On the same dataset, different domain contributes
differently to insider threat detection. The same domain con-
tributes differently to insider threat detection on the differ-
ent datasets. Overall, the attention distribution experiments
demonstrate that DD-GCN can focus on more critical infor-
mation.
c) Attention value: With the same parameters, we test
the attention value of each feature in the test set of two
datasets. The results are shown in Fig. 6. The feature ID in
both datasets represents the same. Feature ID from 1-6 stands
for user logon activities (i.e., workhour logons, after-hour
logons, or the total number of logon activities in a given time).
ID 7-15 represents the removable device connection and file
upload activities. ID from 16-20 represents email operations,
and ID from 21-26 denotes web browsing operations such
as downloading, browsing, or uploading operations based on
simple NLP preprocessing. In CERT r4.2, anomaly users are
more related to visiting malicious hacking-related websites
then downloading a keylogger and using a thumb drive to
transfer it to other machines, or surfing job-hunting-related
websites and soliciting employment from a competitor. Thus,
the attention values of anomaly nodes on web browsing oper-
ations are higher than other features, which verifies that our
attention mechanism can assign different importance weights
to different features and focus more on important features.
In CERT r6.2, malicious users are distinguished more by
files, removable device operations, and hacking-related web-
sites browsed during or after work. The attention values of
Web browsing and device operations are higher than other
features. In summary, the evaluation of attention distribution
and attention value indicates that our proposed DD-GCN is
able to assign more significant importance weights to more
critical information and features adaptively.
3) Parameter Study: To examine the sensitivity of the
parameters of our proposed model, we investigate the balance
parameter ω for the feature similarity mechanism in the feature
domain and the parameters of two constraints in both datasets.
The results are shown in Fig. 7.
a) Analysis of balance parameter ω of feature domain:
As ω is used to balance the feature similarity for the feature
domain and original linkage in the topology domain, we study
the performance of DD-GCN for insider threat detection
 1648
with the balance parameter ω ranging from 0.1 to 0.9 for
CERT r4.2 and CERT r6.2 in the first column of Fig. 7.
The parameter of combination constraint γ and difference
constraint coefficient β are set to 0.001 and 5e-9. From Both
figures, the accuracy increases first and then decreases. This
performance may be because when ω is smaller, the adjacency
matrix in the feature domain is similar to that in topology,
which is not much different from GCN. Also, larger ω may
introduce more noisy edges and ignore the original linkage
among nodes.
b) Analysis of combination constraint parameter γ : In
order to test the effect of the combination constraint coefficient
γ , we deploy the experiments of γ varying from 0 to 10,000.
The results of CERT r4.2 and CERT r6.2 are shown in the
second column of Fig. 7. The balance parameter ω is set to
0.6, and the difference constraint coefficient is set to 5e-9.
With the increase of γ , the accuracy rises first and drops after.
The reason behind this performance probably because more
labeled data brings more information to feature and topology
domains. Furthermore, the curves of all label rates display
similar varying trends.
c) Analysis of difference constraint parameter β: After
testing the effect of the combination constraint coefficient,
we examine the coefficient of the difference constraint and
vary it from 0 to 1e-5. The result of CERT r4.2 and CERT
r6.2 are shown in the third column of Fig. 7. Similar to the
result of the parameter of combination constraint, the accuracy
rises first and drops after. Conversely, the performance drops
significantly when β increases to 1e-9. While β between 5e-
9 and 1e-10, the result of the label rate of 60% is steadier
than that with the label rate of 30% and 15%. Moreover, even
for the label rate of 15%, the accuracy still increases, which
implies our proposed DD-GCN can achieve better results with
all label rates.
C. Insider Threat Detection Analysis
We compare our proposed insider threat detection via
Dual-Domain GCN with other state-of-the-art methods, such
as traditional machine learning-based and deep learning-based
methods. The traditional machine learning methods applied
to compare in this section include support vector machine
(SVM), random forest (RF), logic regression (LR), and
two outstanding machine learning-based methods of anomaly
detection. The deep learning-based schemes in this section
comprise two categories: manually structured skeleton data
approaches and graph-based architectures. We conducted the
experiments 10 times and reported the average values and stan-
dard deviation. The information of these traditional machine
learning methods and deep learning paradigms will be shown
below, and the parameters applied in this part are γ =0.001,
β=5e-8, ω=0.6:
• Lightweight on-line Detector of Anomalies (LODA)
[42] is a method that consists an anomaly detector based
on a weak histogram with a robust detector.
• Local Outlier Factor (LOF) [43] is a density-based
algorithm and the core part of it is characterizing the
Authorized licensed use limited to: MIT Art Design and Technology University. Downloaded on February 01,2024 at 10:42:35 UTC from IEEE Xplore. Restrictions apply.
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 18, 2023
density of data points. LOF reflects the degree of the
anomaly of a sample mainly by calculating a score.
• Auto-Encoder (AE) [44] is a form of multi-layer neural
network that compresses and reproduces data.
• Long Short Term Memory (LSTM) is widely-used
to model the long sequences and capture the long-time
dependence.
• Convolutional Neural Network (CNN) is a typical
model in deep learning for computer vision, which
achieves shift, scale, and distortion invariance through
local receptive fields, shared weights, and sub-sampling.
• Graph Convolutional Network (GCN) learns node rep-
resentations through aggregating information from neigh-
bors, which is a variant of graph neural network and can
be applied to semi-supervised multi-class classification
task.
• Graph Convolutional Network with Feature Aug-
mentation (GCN-FA) [19] is a GCN based model for
insider threats detection with feature augmentation via a
weighted feature function.
1) Comparison with Machine Learning-Based Methods:
The comparison results are reported in Table IV. Different
label rates mean different percent of labeled nodes per class
in the training set. We have the following observations:
• Our proposed DD-GCN achieves the best performance
over all label rates compared with machine learning
baselines. Especially for accuracy, DD-GCN achieves
accuracy of around 98.21% and 98.65% for CERT
r4.2 and r6.2, respectively. Maximum relative improve-
ment is about 13.86% in CERT r4.2 and 14.24% in CERT
r6.2. As for the F1 score, DD-GCN reaches the best
result, around 93.04%, which improves around 30% than
other traditional machine learning-based methods in both
datasets. These results demonstrate the effectiveness of
DD-GCN.
• Compared with traditional machine learning meth-
ods, DD-GCN outperforms in all label rates. Because
DD-GCN extracts not only user behavior feature infor-
mation but also the relationship information between
topology structure and user features.
The reason behind this indicates that the sophisticated fea-
ture and relationships of structural information are fundamen-
tal for insider threat detection task, which traditional machine
learning-based schemes neglect. Moreover, the number of
representative features of user behavior considered in this
work is less than traditional machine learning-based schemes
require, which undermines the performance of traditional
machine learning baselines. Also, the size of the dataset is
another concern for machine learning baselines. For example,
LODA can be theoretically improved with more training data.
In some cases, the performance of LOF is better than other
algorithms because the identified anomalies are determined by
the local features that other algorithms may ignore. However,
LOF suffers from long training and prediction time. LODA
requires lower time complexity, which makes it suitable for
time essence detection tasks.
 LI et al.: HIGH ACCURACY AND ADAPTIVE ANOMALY DETECTION MODEL WITH DD-GCN 1649

Fig. 7. Parameter Study. The sensitivity of parameters of Balance Parameter ω, Combination Constraint Coefficient γ and Difference Constraint Coefficient
β.

TABLE IV
R ESULTS (%) C OMPARED W ITH M ACHINE L EARNING -BASED M ETHODS

Comparing the results in Table III and IV, we can find
that despite two constraints, DD-GCN-w/o still outperforms
other schemes, indicating that our proposed framework is
competitive.
2) Comparison with Deep Learning-Based Methods: The
results of accuracy and F1-score are summarized in Table V.
The first observation is the overwhelming performance of
graph-based architecture compared with the structured-based
skeleton ones, such as CNN and LSTM. Even though LSTM
can be considered to extract structural information successfully
according to their data-driven architectures, solid improve-
ments can not be evident when modeling irregular skeleton
data, such as a graph. For better performance of structure
skeleton data schemes for insider threat detection tasks, LSTM
can be applied to extract the sequence feature of user behavior
and process it to CNN for classification tasks.
The results of DD-GCN and GCN-FA are better than
GCN, which verifies that the feature domain contributes more
significantly to this task. DD-GCN consistently outperforms
GCN-FA and GCN with all label rates, which indicates the
effectiveness of the adaptive attention mechanism and trans-
formation pattern in DD-GCN. DD-GCN can extract more
information than GCN and achieve better accuracy, around
98.21% and 98.65% of the two datasets, respectively. The
maximum relative improvement of accuracy is 6.57%. For
the performance of the F1 score, our approach improves by
around 7.36%. For the 60% label rate, DD-GCN achieves
higher accuracy than GCN with a similar F1 score.
Comparing GCN-FA and GCN, we can find that struc-
tural differences exist between topology and feature domains,
and performing convolutional operation only on the topology
domain does not show a better result than on the feature

Authorized licensed use limited to: MIT Art Design and Technology University. Downloaded on February 01,2024 at 10:42:35 UTC from IEEE Xplore. Restrictions apply.
 1650
TABLE V
R ESULTS (%) C OMPARED W ITH D EEP L EARNING -BASED M ETHODS
Fig. 8. Precision-Recall curve of Deep Learning methods. The
precision-recall curves of DD-GCN and other competitive deep learning
methods. DD-GCN, GCN-FA and GCN are significantly perform better than
other deep learning methods.
domain, especially when the data have a more relative rela-
tionship on feature domain than linkage. In addition, DD-
GCN outperforms GCN-FA verifies the effectiveness of the
attention mechanism. Our proposed Dual-Domain GCN is
better deployed and more suitable for feature allocation and
learning representations for insider threat detection task.
In addition to accuracy and F1-score, we also test the
precision-recall curves (PR-curves) of deep learning methods.
The result of PR-curves are shwon in and Fig. 8. The figure
shows the PR curves of DD-GCN and competitive deep
learning methods. Compared with GCN-FA and GCN, the
performance gain of DD-GCN is significantly attributed to
the introduction of both the topology domain and feature
domain. The recall at 90% precision is improved around
7.32% and 9.84% in dataset CERT r4.2 and r6.2, respectively.
When comparing GCN-FA and GCN, the improvement is
not prominent, which indicates that the performance lift by
considering a single domain is not promising. Besides, DD-
GCN, GCN-FA, and GCN significantly perform better than
CNN, LSTM, and AE. Compared with other competitive
deep learning baselines, the promising performance indicates
that DD-GCN can extract the most correlated user behavior
information and distinguish the normal and malicious users
based on these activity tracks.
D. Model Complexity and Computational Time Analysis
As our proposed DD-GCN contains two convolution opera-
tions, the time complexity of DD-GCN depends on the number
Authorized licensed use limited to: MIT Art Design and Technology University. Downloaded on February 01,2024 at 10:42:35 UTC from IEEE Xplore. Restrictions apply.
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 18, 2023
TABLE VI
C OMPUTATIONAL T IME A NALYSIS
of nodes and edges in these two domains. Suppose the number
of nodes in these two domains is n, m T and m F are the number
of edges in these two domains, respectively. And m is the
total number of edges in these two domains. For the training
algorithm of DD-GCN, the number of layers of convolution
operation in these two domains are denoted as L T and L F , and
the layer of convolution operation is same which is denoted as
L. For simplicity, the dimensions of the node hidden features
remain constant, denoted by d. The memory complexity of
DD-GCN is O(Lnd +K d 2 ). The time complexity of DD-GCN
is O(Lm T d + Ln T d 2 ) + O(Lm F d + Ln F d 2 ) = O(Lmd +
Lnd 2 ).
To investigate the computational performance of our pro-
posed DD-GCN, we select Floating Point Operations (FLOPs)
as a metric to examine time performance against GCN-FA
and GCN since they have comparable accuracy. We choose
the label rate of 60% and CERT r6.2 dataset. The results
of DD-GCN, GCN-FA, and GCN in terms of accuracy and
efficiency trade-offs (Latency) are shown in Table VI. The
latency we used in this section is in term of running time.
For comparison, we express latency as a percent form, i.e.,
the less, the better. From this table, we find that DD-GCN
gets unsurprisingly higher FLOPs than GCN-FA and GCN
since DD-GCN conducts two domain convolutional operations
and attention mechanism, which takes some time to process
than other methods. During the application of our proposed
model and other comparable graph-based paradigms, there is
no significant difference in their latency due to the size of
datasets and the selection of features. In contrast, DD-GCN
achieves the best accuracy with a clear margin.
 LI et al.: HIGH ACCURACY AND ADAPTIVE ANOMALY DETECTION MODEL WITH DD-GCN
V. S UMMARY AND F UTURE W ORK
In this paper, we propose Dual-Domain GCN, a novel
graph-based model for insider threat detection. The key idea
behind DD-GCN is fusing user behavior from structural topol-
ogy and feature information. A weighted feature similarity
mechanism function is designed to convert user log entries into
heterogeneous graphs via leveraging relationship information
between users and their corresponding activities features.
We extract specific graph embeddings from structural topology
and feature information simultaneously to analyze the graph,
transforming behavior information into high-level representa-
tions. Meanwhile, an attention mechanism is applied to learn
the importance weight of each node’s embedding within these
two domains so as to fuse them adaptively. The evaluation
of DD-GCN on public datasets demonstrates that DD-GCN
based detection model achieves improved detection accuracy
and outperforms other state-of-the-art traditional techniques
based insider detection models.
In future work, we plan to apply the DD-GCN based model
to other practical applications to evaluate its feasibility and
scalability further. We think the process of creating anomaly
detection models in many other areas (such as network traffic
anomaly detection and fraud detection) could be similar to
our proposed model with only a few changes in the feature
extraction process. In addition, since the number of labeled
attack samples in insider threat is limited, we wonder if the
pre-training GCN model is capable of tackling this situation.
Thus, we will seek to incorporate the pre-training mechanism
into our model in future work.
R EFERENCES
[1] L. Liu, O. de Vel, Q.-L. Han, J. Zhang, and Y. Xiang, “Detect-
ing and preventing cyber insider threats: A survey,” IEEE Commun.
Surveys Tuts., vol. 20, no. 2, pp. 1397–1417, 2nd Quart., 2018, doi:
10.1109/COMST.2018.2800740.
[2] U.S. Cybercrime-Survey. (2015). CERT Division of the
Software Engineering Institute, Price Waterhouse Cooper.
[Online]. Available: http://www.pwc.com/us/en/increasing-it-
effectiveness/publications/assets/2015-us-cybercrime-survey.pdf
[3] Verizon 2018 Data Breach Investigations Report. (2018). [Online].
Available: http://www.verizon-enterprise.com/resources/reports/
[4] Dtex Systems. (2018). 2018 Insider Threat Intelligence Report.
[Online]. Available: http://www.dtex-systems.com/2018-insider-threat-
intelligence-report/
[5] X. Feng, Z. Zheng, D. Cansever, A. Swami, and P. Mohapatra, “Stealthy
attacks with insider information: A game theoretic model with asym-
metric feedback,” in Proc. IEEE Mil. Commun. Conf., Nov. 2016,
pp. 277–282.
[6] B. A. Alahmadi, P. A. Legg, and J. R. C. Nurse, “Using Internet activity
profiling for insider-threat detection,” in Proc. 17th Int. Conf. Enterprise
Inf. Syst., 2015, pp. 709–720.
[7] N. T. Kipf and M. Welling, “Semi-supervised classification with graph
convolutional networks,” in Proc. ICLR, 2017, pp. 1–14.
[8] Y. Chen, C. M. Poskitt, and J. Sun, “Learning from mutants: Using code
mutation to learn and monitor invariants of a cyber-physical system,” in
Proc. IEEE Symp. Secur. Privacy (SP), May 2018, pp. 648–660, doi:
10.1109/SP.2018.00016.
[9] X. Shu, D. Yao, N. Ramakrishnan, and T. Jaeger, “Long-span program
behavior modeling and attack detection,” ACM Trans. Privacy Secur.,
vol. 20, no. 4, pp. 1–28, Nov. 2017, doi: 10.1145/3105761.
[10] P. A. Legg, O. Buckley, and M. Goldsmith, “Caught in the act of an
insider attack: Detection and assessment of insider threat,” in Proc. IEEE
Symp. Technol. Homeland Secur., Apr. 2015, pp. 1–6.
Authorized licensed use limited to: MIT Art Design and Technology University. Downloaded on February 01,2024 at 10:42:35 UTC from IEEE Xplore. Restrictions apply.
1651
[11] I. Homoliak, F. Toffalini, J. Guarnizo, Y. Elovici, and M. Ochoa, “Insight
into insiders and IT: A survey of insider threat taxonomies, analysis,
modeling, and countermeasures,” ACM Comput. Surveys, vol. 52, no. 2,
pp. 1–40, Mar. 2020.
[12] H. A. Kholidy, F. Baiardi, and S. Hariri, “DDSGA: A data-driven
semiglobal alignment approach for detecting masquerade attacks,” IEEE
Trans. Dependable Secure Comput., vol. 12, no. 2, pp. 164–178,
Jun. 2015.
[13] M. Du, F. Li, G. Zheng, and V. Srikumar, “DeepLog: Anomaly detection
and diagnosis from system logs through deep learning,” in Proc.
ACM SIGSAC Conf. Comput. Commun. Secur., New York, NY, USA,
Oct. 2017, pp. 1285–1298, doi: 10.1145/3133956.3134015.
[14] A. Tuor, S. Kaplan, B. Hutchinson, N. Nichols, and S. Robinson,
“Deep learning for unsupervised insider threat detection in structured
cybersecurity data streams,” 2017, arXiv:1710.00811.
[15] S. Yuan, P. Zheng, X. Wu, and Q. Li, “Insider threat detection via
hierarchical neural temporal point processes,” in Proc. IEEE Int. Conf.
Big Data (Big Data), Dec. 2019, pp. 1343–1350.
[16] Y. Shen, E. Mariconti, P. A. Vervier, and G. Stringhini, “Tiresias:
Predicting security events through deep learning,” in Proc. ACM SIGSAC
Conf. Comput. Commun. Secur., New York, NY, USA, Oct. 2018,
pp. 592–605, doi: 10.1145/3243734.3243811.
[17] T. Hu, W. Niu, X. Zhang, X. Liu, J. Lu, and Y. Liu, “An insider threat
detection approach based on mouse dynamics and deep learning,” Secur.
Commun. Netw., vol. 2019, pp. 1–12, Feb. 2019.
[18] M. Oka, Y. Oyama, and K. Kato, “Eigen co-occurrence matrix method
for masquerade detection,” in Proc. 7th JSSST SIGSYS Workshop Syst.
Program. Appl. (SPA). Tsukuba, Japan: Tsukuba Univ., 2004.
[19] J. Jiang et al., “Anomaly detection with graph convolutional networks
for insider threat and fraud detection,” in Proc. IEEE Mil. Commun.
Conf. (MILCOM), Nov. 2019, pp. 109–114.
[20] F. Liu, Y. Wen, D. Zhang, X. Jiang, X. Xing, and D. Meng, “Log2vec:
A heterogeneous graph embedding based approach for detecting cyber
threats within enterprise,” in Proc. ACM SIGSAC Conf. Comput. Com-
mun. Secur., New York, NY, USA, Nov. 2019, pp. 1777–1794, doi:
10.1145/3319535.3363224.
[21] M. N. Hossain et al., “SLEUTH: Real-time attack scenario reconstruc-
tion from COTS audit data,” in Proc. USENIX Secur. Symp., 2017,
pp. 487–504.
[22] S. Ma, J. Zhai, F. Wang, K. H. Lee, X. Zhang, and D. Xu, “MPI:
Multiple perspective attack investigation with semantics aware execution
partitioning,” in Proc. USENIX Secur. Symp., 2017, pp. 1111–1128.
[23] Y. Tang et al., “NodeMerge: Template based efficient data reduction
for big-data causality analysis,” in Proc. ACM SIGSAC Conf. Comput.
Commun. Secur., New York, NY, USA, Oct. 2018, pp. 1324–1337, doi:
10.1145/3243734.3243763.
[24] J. Chen, T. Ma, and C. Xiao, “FastGCN: Fast learning with graph
convolutional networks via importance sampling,” in Proc. ICLR, 2018,
pp. 1–15.
[25] Y. Ma, S. Wang, C. C. Aggarwal, and J. Tang, “Graph convolutional
networks with EigenPooling,” in Proc. 25th ACM SIGKDD Int. Conf.
Knowl. Discovery Data Mining, Jul. 2019, pp. 723–731.
[26] M. Qu, Y. Bengio, and J. Tang, “GMNN: Graph Markov neural
networks,” in Proc. ICML, 2019, pp. 5241–5250.
[27] J. Bruna, W. Zaremba, A. Szlam, and Y. LeCun, “Spectral networks and
locally connected networks on graphs,” in Proc. ICLR, 2013, pp. 1–14.
[28] M. Defferrard, X. Bresson, and P. Vandergheynst, “Convolutional neural
networks on graphs with fast localized spectral filtering,” in Proc.
NeurIPS, 2016, pp. 3844–3852.
[29] W. Hamilton, Z. Ying, and J. Leskovec, “Inductive representation
learning on large graphs,” in Proc. NeurIPS, 2017, pp. 1024–1034.
[30] P. Velickovic, G. Cucurull, A. Casanova, A. Romero, P. Liò, and
Y. Bengio, “Graph attention networks,” in Proc. ICLR, 2017, pp. 1–12.
[31] H. Pei, B. Wei, K. C. C. Chang, Y. Lei, and B. Yang, “Geom-
GCN: Geometric graph convolutional networks,” in Proc. ICLR, 2020,
pp. 1–12.
[32] B. Xu, H. Shen, Q. Cao, Y. Qiu, and X. Cheng, “Graph wavelet neural
network,” in Proc. ICLR, 2019, pp. 1–13.
[33] F. Monti, D. Boscaini, J. Masci, E. Rodola, J. Svoboda, and
M. M. Bronstein, “Geometric deep learning on graphs and manifolds
using mixture model CNNs,” in Proc. IEEE Conf. Comput. Vis. Pattern
Recognit. (CVPR), Jul. 2017, pp. 5425–5434.
[34] Q. Li, Z. Han, and X. Wu, “Deeper insights into graph convolu-
tional networks for semi-supervised learning,” in Proc. AAAI, 2018,
pp. 3538–3545.
 1652 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 18, 2023
[35] N. T. Hoang and T. Maehara, “Revisiting graph neural networks: All
we have is low-pass filters,” 2019, arXiv:1905.09550.
[36] F. Wu, T. Zhang, A. H. D. Souza, C. Fifty, T. Yu, and Q. K. Weinberger,
“Simplifying graph convolutional networks,” in Proc. ICML, 2019,
pp. 6861–6871.
[37] D. Bo, X. Wang, C. Shi, and H. Shen, “Beyond low-frequency informa-
tion in graph convolutional networks,” 2021, arXiv:2101.00797.
[38] Z. Wu, S. Pan, F. Chen, G. Long, C. Zhang, and P. S. Yu, “A compre-
hensive survey on graph neural networks,” 2019, arXiv:1901.00596.
[39] W. D. K. Ma, J. P. Lewis, and W. B. Kleijn, “The HSIC bottle-
neck: Deep learning without back-propagation,” in Proc. AAAI, 2019,
pp. 5085–5092.
[40] J. Glasser and B. Lindauer, “Bridging the gap: A pragmatic approach to
generating insider threat data,” in Proc. IEEE Secur. Privacy Workshops,
San Francisco, CA, USA, 2013, pp. 98–104, doi: 10.1109/SPW.2013.37.
[41] A. Paszke, “PyTorch: An imperative style, high-performance deep learn-
ing library,” in Proc. NeurIPS, 2019, pp. 1–12.
[42] T. Pevny, “Loda: Lightweight on-line detector of anomalies,” Mach.
Learn, vol. 102, no. 2, pp. 275–304, 2016.
[43] M. M. Breunig, H.-P. Kriegel, R. T. Ng, and J. Sander, “LOF: Identifying
density-based local outliers,” in Proc. ACM SIGMOD, May 2000,
vol. 29, no. 2, pp. 93–104.
[44] E. Pantelidis, G. Bendiab, S. Shiaeles, and N. Kolokotronis, “Insider
threat detection using deep autoencoder and variational autoencoder
neural networks,” in Proc. IEEE Int. Conf. Cyber Secur. Resilience
(CSR), Jul. 2021, pp. 129–134, doi: 10.1109/CSR51186.2021.9527925.
Ximing Li received the M.S. degree in cybersecurity
from Villanova University in 2019. He is currently
pursuing the Ph.D. degree in cyberspace security
with the Key Laboratory of Trustworthy Distributed
Computing and Service, Ministry of Education, Bei-
jing University of Posts and Telecommunications.
His current research interests include insider threats
detection, graph neural networks, and network secu-
rity.
Xiaoyong Li received the Ph.D. degree in com-
puter science from Xi’an Jiaotong University, Xi’an,
China, in 2009. He is currently a Professor and
the Executive Director of the School of Cyberspace
Security, Beijing University of Posts and Telecom-
munications. He has published more than 130 papers
in prestigious journals and conference proceedings.
His current research interests include network secu-
rity, data security, and trusted distributed computing.
In 2009, he was awarded an Outstanding Doctoral
Graduate in Shaanxi Province, China. In 2012,
he was awarded the New Century Excellent Talent in University, China.
In 2015, he won the IET Information Security Premium Award. In 2019,
he was selected as the Capital Science and Technology Leading Talents, and
won the First Prize of Science and Technology Progress Award of the China
Electronics Society. In 2021, he was selected into the China’s National Key
Talent Plan. He has served as a member of the editorial boards for many
journals, such as IEEE N ETWORKING L ETTERS and EURASIP Journal on
Information Security.
Jia Jia (Graduate Student Member, IEEE) received
the M.S. degree from North China Electric Power
University in 2017. He is currently pursuing the
Ph.D. degree in cyberspace security with the Key
Laboratory of Trustworthy Distributed Computing
and Service, Ministry of Education, Beijing Uni-
versity of Posts and Telecommunications. His cur-
rent research interests include data security, network
security, the Internet of Vehicles, and the Internet of
Things.
Authorized licensed use limited to: MIT Art Design and Technology University. Downloaded on February 01,2024 at 10:42:35 UTC from IEEE Xplore. Restrictions apply.
Linghui Li (Member, IEEE) received the Ph.D.
degree from the Institute of Computing Technol-
ogy, University of Chinese Academy of Sciences.
She was a Post-Doctoral Researcher with the Bei-
jing University of Posts and Telecommunications
(BUPT), where she is currently an Associate Pro-
fessor of cyberspace security. Her current research
interests are information security and artificial intel-
ligence.
Jie Yuan (Member, IEEE) received the Ph.D. degree
in cyberspace security from the Beijing University
of Posts and Telecommunications. She has pub-
lished several papers in journals and conference
proceedings. Her current research focuses on cloud
computing, network security, and trusted systems.
Yali Gao (Member, IEEE) received the Ph.D.
degree from the Beijing University of Posts and
Telecommunications, Beijing, China. She was a
Post-Doctoral Researcher with the Beijing Univer-
sity of Posts and Telecommunications, where she
is currently an Associate Professor of cyberspace
security. Her current research interests include cyber
security, distributed computing, and trusted services.
Shui Yu (Fellow, IEEE) received the Ph.D. degree
from Deakin University, Australia, in 2004. He is
currently a Professor with the School of Computer
Science, University of Technology Sydney, Aus-
tralia. His current H-index is 67. He has published
five monographs, edited two books, and more than
500 technical papers at different venues, such as
the IEEE T RANSACTIONS ON D EPENDABLE AND
S ECURE C OMPUTING, the IEEE T RANSACTIONS
ON PARALLEL AND D ISTRIBUTED S YSTEMS , the
IEEE T RANSACTIONS ON C OMPUTERS, the IEEE
T RANSACTIONS ON I NFORMATION F ORENSICS AND S ECURITY, the IEEE
T RANSACTIONS ON M OBILE C OMPUTING, the IEEE T RANSACTIONS ON
K NOWLEDGE AND DATA E NGINEERING, the IEEE T RANSACTIONS ON
E MERGING T OPICS IN C OMPUTING, the IEEE/ACM T RANSACTIONS ON
N ETWORKING, and INFOCOM. He has been promoting the research field of
networking for big data since 2013, and his research outputs have been widely
adopted by industrial systems, such as Amazon cloud security. His research
interests include cybersecurity, network science, big data, and mathematical
modeling. He is an Elected Member of Board of Governors of the IEEE
VTS and ComSoc. He is a member of ACM and AAAS. He is also
serving the editorial boards for the IEEE C OMMUNICATIONS S URVEYS AND
T UTORIALS (Area Editor) and the IEEE I NTERNET OF T HINGS J OURNAL
(Editor). He is also a Distinguished Visitor of the IEEE Computer Society.
He served as a Distinguished Lecturer for the IEEE Communications Society
from 2018 to 2021.