Rule Generation for Anomalous Behaviors Detection in Enterprises: A Few-Shot Learning Approach via Chain-of-Thoughts

Published: 2025, Last Modified: 25 Dec 2025 | ICIC (7) 2025 | CC BY-SA 4.0
Abstract: Enterprises face security threats from internal anomalous behaviors in dynamic network environments. Existing rule-generation approaches often rely heavily on large amounts of labeled data and are particularly sensitive to data scarcity. In Small and Medium-sized Enterprises (SMEs), limited resources and the imbalance between positive and negative samples make it difficult to obtain sufficient labeled data for detecting anomalous behaviors. This challenge often leads to poor detection performance. To address this issue, this paper proposes an adaptive behavior rule-generation approach that combines Chain-of-Thought (CoT) reasoning and few-shot learning, eliminating the need for large-scale labeled data. In this approach, we employ CoT to perform step-by-step reasoning on user behavior, generating personalized anomalous behavior detection rules based on limited data. To enhance the adaptability and accuracy of the approach, we integrate few-shot learning, enabling the system to learn from a small number of examples and generate effective rules. Experimental results demonstrate that the proposed method achieved an accuracy of 97.56% in generating rules for detecting anomalous behaviors, verifying its strong capability for scenario transfer.