信息安全研究2025,Vol.11Issue(12):1108-1116,9.DOI:10.12379/j.issn.2096-1057.2025.12.06
基于SSIMGAN和时间序列Transformer的内部威胁检测模型
Insider Threat Detection Model Based on SSIMGAN and Time Series Transformer
摘要
Abstract
Insider threat detection is a critical component of information security,aiming to protect enterprise networks and data security by preventing damage caused by insider misconduct.This paper proposes a novel insider threat detection framework based on the CERT4.2 dataset.First,we construct multivariate time-series data and design a structural similarity index-driven auxiliary classifier generative adversarial network(SSIM-ACGAN)to augment threat data across different scenarios.This approach addresses the class imbalance issue in the CERT4.2 dataset by generating synthetic samples that closely match the original data distribution.Subsequently,a time series Transformer model with Focal Loss is adopted for classification tasks,enabling the model to prioritize hard-to-classify and minority-class samples.Precision,recall,and F1-score are used as evaluation metrics.Experimental results show that our method achieves a recall of 96.22%and F1-score of 94.22%on the CERT4.2 dataset,outperforming baseline models.These results validate its effectiveness in mitigating data imbalance and reducing false negative rates.关键词
内部威胁检测/生成对抗网络/Transformer/结构相似度指数/数据增强Key words
insider threat detection/generative adversarial networks/Transformer/structural similarity index/data augmentation分类
信息技术与安全科学引用本文复制引用
Feng Kejun,Huang Xiaofang,Song Luhua,Yin Mingyong..基于SSIMGAN和时间序列Transformer的内部威胁检测模型[J].信息安全研究,2025,11(12):1108-1116,9.基金项目
四川省科技厅重点研发项目(2022YFG0321) (2022YFG0321)
四川省自然科学基金项目(2022NSFSC0916) (2022NSFSC0916)
