LG CR Feb 3

A Consensus-Bayesian Framework for Detecting Malicious Activity in Enterprise Directory Access Graphs

arXiv:2602.04027v1
Originality: Incremental advance
AI Analysis

This work addresses the problem of security monitoring for enterprise IT systems by detecting malicious activity, but it appears incremental as it builds on existing opinion dynamics and Bayesian methods without introducing a new paradigm.

The paper tackles the problem of detecting malicious user behavior in enterprise directory access graphs by proposing a consensus-based Bayesian framework that models directories as topics and users as agents, using influence-weighted opinion dynamics to simulate access evolution and detect anomalies via scaled opinion variance. The method is validated on synthetic access graphs, showing sensitivity to logical inconsistencies and robustness under dynamic perturbation, though no concrete numerical results are provided.

This work presents a consensus-based Bayesian framework to detect malicious user behavior in enterprise directory access graphs. By modeling directories as topics and users as agents within a multi-level interaction graph, we simulate access evolution using influence-weighted opinion dynamics. Logical dependencies between users are encoded in dynamic matrices C_i, and directory similarity is captured via a shared influence matrix W. Malicious behavior is injected as cross-component logical perturbations that violate structural norms of strongly connected components (SCCs). We apply theoretical guarantees from opinion dynamics literature to determine topic convergence and detect anomalies via scaled opinion variance. To quantify uncertainty, we introduce a Bayesian anomaly scoring mechanism that evolves over time, using both static and online priors. Simulations over synthetic access graphs validate our method, demonstrating its sensitivity to logical inconsistencies and robustness under dynamic perturbation.
