Contrastive Learning with Knowledge-Enhanced Prompts for Insider Threat Detection

Published: 30 Jun 2025, Last Modified: 23 Jan 2026 | 2025 International Joint Conference on Neural Networks (IJCNN) | Everyone | CC BY-NC-ND 4.0
Abstract: Insider threat detection is essential for protecting organizations from malicious or negligent insiders. This paper proposes a knowledge-enhanced self-contrastive learning framework for insider threat detection in multi-source user behavior graph scenarios. In the user behavior graph representation phase, a multi-head attention mechanism with relation encoding is used to explore user adjacency relations, with node connectivity guiding subgraph sampling. In the knowledge enhancement phase, self-contrastive learning aligns subgraph embeddings with behavior descriptions generated by a prompt template, enriching user behavior features. Finally, the dual-stage detection scheme filters anomalous users using a variational autoencoder and categorizes them through multi-class classification. Experimental results on the CERT insider threat dataset show that our scheme achieves 97.2% accuracy and an F1 score of 0.72, significantly outperforming existing schemes.