TUM Logo

Anomaly Detection in Team Communication Platforms

Anomaly Detection in Team Communication Platforms

Supervisor(s): Ching-Yu Kao, Wei Herng Choong
Status: finished
Topic: Others
Author: Fabian Höltke
Submission: 2023-07-17
Type of Thesis: Masterthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching


Team communication platforms have emerged as vital tools in our professional and personal lives.

They facilitate collaboration, streamline workflow, and serve as indispensable links that connect us to

our colleagues, classmates, and peers. However, as these platforms evolve and gain widespread acceptance,

they simultaneously expose new vulnerabilities for malicious activities, resulting in significant data security

challenges. Detecting attackers on these platforms is particularly daunting, given the high level of assumed

trust among users.

Graph Neural Networks (GNNs), a type of machine learning algorithm specifically designed for graph-based data,

are emerging as a promising solution to tackle evolving security challenges on graph-based data networks. Over recent

years, GNNs have proven to be superior in the field of anomaly detection on graph networks, outperforming traditional

machine learning or heuristic-based approaches.

In this thesis, we introduce ECONAD, a specialized GNN model developed to detect anomalies in team communication

platforms. ECONAD distinguishes itself by incorporating human knowledge about known data breaches through innovative

augmentation strategies and processing team communication platforms through various attack vector-specific perspectives.

In addition, we present a novel dataset, detailing the activities of 250 users on a team communication platform over a period

of three years. This dataset serves as the foundation for testing and evaluating the effectiveness of our anomaly detection model.

Through our experiments, we show that our model surpasses state-of-the-art GNN anomaly detection models when applied to

this unique dataset, outperforming the baseline by up to 35% in recall and 14% in the overall f1 score. Moreover, our approach

unveils graph-based anomalies that existing threat detection methods are unable to identify.