Insider threat detection is a key challenge in enterprise security, relying on user activity logs that capture rich and complex behavioral patterns. These logs are often multi-channel and non-stationary, and the anomalies within them are rare, which makes anomaly detection challenging. To address these issues, we propose a novel framework that integrates wavelet-aware modulation, multi-resolution wavelet decomposition, and resolution-adaptive attention for robust anomaly detection. Our approach first applies a deviation-aware modulation scheme to suppress routine behaviors while amplifying anomalous deviations. Next, a discrete wavelet transform (DWT) decomposes the log signals into multi-resolution representations, capturing both long-term trends and short-term anomalies. Finally, a learnable attention mechanism dynamically reweights the most discriminative frequency bands for detection. On the CERT r4.2 benchmark, our approach consistently outperforms existing baselines in precision, recall, and F1 score across various time granularities and scenarios.