Layered behavioral trace modeling for threat detection

A fundamental problem in detecting threats to security by monitoring computer usage is the high number of false positives that are created when analyzing a large data set for anomalous behavior. We address the problem by modeling user behavior at multiple scales so as to allow for the identification potential insider threats from users´ logged activity by tracking users´ activity over time. In this work, we apply a novel method for representing user activity at multiple temporal scales to a dataset that contains malicious behavior. We report our detection results and discuss how a layered detection method may be advantageous for the discovery of specific types of malicious behavior.