DPI-ITD: A Dual-Perspective Information-Driven Framework for Insider Threat Detection in IoT Systems
Abstract: In Internet of Things (IoT) environments, insider threat detection has advanced with the integration of deep learning techniques, which can effectively model complex behaviors and heterogeneous data. However, the fragmented nature of IoT logs, behavioral redundancy, and the sparsity of insider actions increase detection complexity. While fine-grained behavior classification can improve accuracy, it also raises computational overhead, limiting applicability in resource-constrained scenarios. To address these challenges, we propose a dual-perspective information-driven framework for insider threat detection (DPI-ITD), which combines user-centric and behavior-centric analyses to enhance detection efficiency and accuracy. DPI-ITD introduces a symbolic tagging strategy guided by tagging scores (TS), derived from user action diversity and behavioral context, to filter redundant fragments and focus on high-impact behaviors. It further incorporates an adaptive embedding mechanism based on GloVe, which dynamically adjusts the context window for rare but critical actions. Experiments on multiple closed and open behavioral datasets demonstrate DPI-ITD’s superior detection performance, scalability, and efficiency, confirming its suitability for lightweight deployment in real-world IoT security systems.
External IDs: dblp:journals/iotj/KongJLXLG25