As increasingly more enterprises are deploying cloud file-sharing services, this adds a new channel for potential insider threats to company data and IPs. In this paper, we introduce a two-stage machine learning system to detect anomalies. In the prelim stage, we anticipate the entrance logs of cloud record sharing administrations onto relationship diagrams and use three complementary graph-based unsupervised learning methods: OddBall, PageRank and Local Outlier Factor (LOF) to generate outlier indicators. In the second stage, we outfit the exception pointers and present the discrete wavelet change (DWT) strategy, and propose a method to utilize wavelet coefficients with the Haar wavelet capacity to distinguish anomalies for insider danger. The proposed system has been deployed in a real business environment, and demonstrated effectiveness by selected case studies.

Keywords: discrete wavelet transform; Haar wavelet; insider threat detection; cloud file-sharing; graph-based unsupervised learning