DMHP: Using Dirichlet Marked Hawkes Processes for Insider Threat Detection

In this paper, we present a DirichletMarked Hawkes Process (DMHP) to detect malicious activities frominsiders in real-time. DMHP combines the Dirichlet process andmarked Hawkes processes to model the sequence of user activities.

Running Environment

Python 3.7.3

DateSet

We evaluate DMHP on two kinds of datasets: CERT Insider Threat Dataset and Wikipidia dataset.

Model Evaluation

Run the model on the Insider Threat Dataset by the following command

    python DMHP.py

Authors

Panpan Zheng
- personal website
- google scholar

Citation

I am very glad that you could visit this github and check my research work. If it benefits your work, please refer this work by

Acknowledgments

Appreciate it greatly for every labmate in SAIL lab

Name		Name	Last commit message	Last commit date
Latest commit History 13 Commits
baselines		baselines
dmhpOutput		dmhpOutput
eval_input		eval_input
raw_input		raw_input
DMHP.py		DMHP.py
DMHP_SMC.py		DMHP_SMC.py
DMHP_Utils.py		DMHP_Utils.py
README.md		README.md
aDems.ipynb		aDems.ipynb
evaluation.ipynb		evaluation.ipynb
feature_map.json		feature_map.json
stream_anomaly_detector.py		stream_anomaly_detector.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

DMHP: Using Dirichlet Marked Hawkes Processes for Insider Threat Detection

Running Environment

DateSet

Model Evaluation

Authors

Citation

Acknowledgments

About

Uh oh!

Releases

Packages

Languages

PanpanZheng/DMHP

Folders and files

Latest commit

History

Repository files navigation

DMHP: Using Dirichlet Marked Hawkes Processes for Insider Threat Detection

Running Environment

DateSet

Model Evaluation

Authors

Citation

Acknowledgments

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages