Pang, M. and Ou, W. and Meng, W. and Shen, M. and Yue, Q. and Han, W. (2026) MSGL: A multi-scale group learning model for insider threat detection. Expert Systems with Applications, 323: 132379. ISSN 0957-4174

Full text not available from this repository.

Abstract
The insider threat refers to actions of organizational users who abuse their authorized privileges to compromise information assets, and its detection has become a crucial task in cybersecurity management. Existing approaches primarily rely on user behavior logs for detection, but they often fail to capture the multi-scale temporal dynamics of user behaviors and the structural relationships within user groups, which limits their effectiveness in insider threat detection. To address these limitations, we propose a multi-scale group learning model (MSGL) for insider threat detection. It consists of three key components: (1) a multi-scale collaborative temporal feature extraction module that leverages a weighted attention mechanism to model behavioral dynamics at different granularities and achieves cross-scale information fusion; (2) a group structure-aware module that captures structural dependencies among users through the aggregation mechanism of graph neural networks, while incorporating group-sparsity regularization to attenuate spurious associations and accentuate underlying common patterns; and (3) an individual learning module that captures deviations via sparse attention, which facilitates disentangled representations of group-level commonalities and user-specific characteristics. Experimental results on the CERT r4.2 and CERT r5.2 datasets demonstrate the effectiveness of MSGL, achieving detection accuracies of 96.28% and 97.41%, respectively.