This repository accompanies my Master’s dissertation and provides a reproducible implementation of IAMOD (Information-aware Multi-View Outlier Detection) and a novel temporal-graph extension, TG-IAMOD, for enterprise lateral movement detection on the LANL dataset.
- Regular: IAMOD 0.849 ± 0.045 AUROC vs TG-IAMOD 0.931 ± 0.019; AP 0.0889 vs 0.0279.
- Ablations (mean over subsets): IAMOD 0.902 ± 0.018 vs TG-IAMOD 0.914 ± 0.011 AUROC; AP 0.0801 vs 0.0230.
- Synthetic: IAMOD 0.792 ± 0.190 vs TG-IAMOD 0.926 ± 0.010 AUROC; AP 0.0130 vs 0.0300.
- auth-only ablation: AUROC ≈ 0.94 (IAMOD 0.938 ± 0.0052; TG-IAMOD 0.942 ± 0.0034).
AUROC is the primary ranking metric in the dissertation; AP is reported for early-rank precision under extreme class imbalance.
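
The sketch below is an added illustration of the two metrics, not code from this repository or the dissertation. It implements AUROC and AP in pure Python and runs them on constructed scores (the names `auroc`, `average_precision`, `constructed_case`, `EARLY_HIT` and `BROAD` are hypothetical) to show how they weigh rankings differently at roughly 0.1% prevalence; it does not reproduce the LANL results.

```python
from bisect import bisect_left, bisect_right

def auroc(scores, labels):
    """P(random positive outranks random negative); a tie counts as 0.5."""
    pos = [s for s, y in zip(scores, labels) if y]
    neg = sorted(s for s, y in zip(scores, labels) if not y)
    if not pos or not neg:
        raise ValueError("need at least one positive and one negative")
    wins = 0.0
    for s in pos:
        below, upto = bisect_left(neg, s), bisect_right(neg, s)
        wins += below + 0.5 * (upto - below)
    return wins / (len(pos) * len(neg))

def average_precision(scores, labels):
    """Mean of precision@k at the rank k of each positive.
    Equal scores keep input order (the constructed data has no pos/neg ties)."""
    order = sorted(range(len(scores)), key=lambda i: -scores[i])
    hits, total = 0, 0.0
    for rank, i in enumerate(order, start=1):
        if labels[i]:
            hits += 1
            total += hits / rank
    if hits == 0:
        raise ValueError("need at least one positive")
    return total / hits

def constructed_case(pos_scores, n_neg=10_000):
    """Constructed data: n_neg benign events scored evenly in [0, 1)."""
    scores = [i / n_neg for i in range(n_neg)] + list(pos_scores)
    labels = [0] * n_neg + [1] * len(pos_scores)
    return scores, labels

# Constructed detectors, 10 malicious events each (about 0.1% prevalence).
EARLY_HIT = [2.0, 2.1, 2.2] + [0.50005] * 7   # 3 at the very top, 7 mid-pack
BROAD = [0.98005] * 10                        # all 10 just below 199 benign events

def compare():
    out = {}
    for name, pos in (("early_hit", EARLY_HIT), ("broad", BROAD)):
        scores, labels = constructed_case(pos)
        out[name] = (auroc(scores, labels), average_precision(scores, labels))
    return out

if __name__ == "__main__":
    for name, (roc, ap) in compare().items():
        print(f"{name:10s} AUROC={roc:.4f}  AP={ap:.4f}")
```

On this constructed data the broad detector has the higher AUROC and the early-hit detector the higher AP, so the two metrics can order the same pair of detectors differently.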
- Multi-View Temporal Graph Fusion for Lateral Movement Anomaly Detection.ipynb – end-to-end workflow.
- artifacts/ – figures, refined LANL views, meta, and scalers.
- Datasets/ – Parquet feature sets.