Malevolent Activity Detection with Hypergraph-Based Models
Abstract: We propose a hypergraph-based framework for modeling and detecting malevolent activities. The proposed model supports the specification of order-independent sets of action symbols along with temporal and cardinality constraints on the execution of actions. We study and characterize the problems of consistency checking, equivalence, and minimality of hypergraph-based models. In addition, we define and characterize the general activity detection problem, which amounts to finding all subsequences that represent a malevolent activity in a sequence of logged actions. Since the problem is intractable, we also develop an index data structure that allows the security expert to efficiently extract occurrences of activities of interest.