Academic

Multi-Axis Trust Modeling for Interpretable Account Hijacking Detection

arXiv:2603.13246v1 Announce Type: new Abstract: This paper proposes a Hadith-inspired multi-axis trust modeling framework, motivated by a structurally analogous problem in classical Hadith scholarship: assessing the trustworthiness of information sources using interpretable, multidimensional criteria rather than a single anomaly score. We translate five trust axes - long-term integrity (adalah), behavioral precision (dabt), contextual continuity (isnad), cumulative reputation, and anomaly evidence - into a compact set of 26 semantically meaningful behavioral features for user accounts. In addition, we introduce lightweight temporal features that capture short-horizon changes in these trust signals across consecutive activity windows. We evaluate the framework on the CLUE-LDS cloud activity dataset with injected account hijacking scenarios. On 23,094 sliding windows, a Random Forest trained on the trust features achieves near-perfect detection performance, substantially outperforming m

M
Mohammad AL-Smadi · · 1 min read · 2 views
#cs.AI

arXiv:2603.13246v1 Announce Type: new Abstract: This paper proposes a Hadith-inspired multi-axis trust modeling framework, motivated by a structurally analogous problem in classical Hadith scholarship: assessing the trustworthiness of information sources using interpretable, multidimensional criteria rather than a single anomaly score. We translate five trust axes - long-term integrity (adalah), behavioral precision (dabt), contextual continuity (isnad), cumulative reputation, and anomaly evidence - into a compact set of 26 semantically meaningful behavioral features for user accounts. In addition, we introduce lightweight temporal features that capture short-horizon changes in these trust signals across consecutive activity windows. We evaluate the framework on the CLUE-LDS cloud activity dataset with injected account hijacking scenarios. On 23,094 sliding windows, a Random Forest trained on the trust features achieves near-perfect detection performance, substantially outperforming models based on raw event counts, minimal statistical baselines, and unsupervised anomaly detection. Temporal features provide modest but consistent gains on CLUE-LDS, confirming their compatibility with the static trust representation. To assess robustness under more challenging conditions, we further evaluate the approach on the CERT Insider Threat Test Dataset r6.2, which exhibits extreme class imbalance and sparse malicious behavior. On a 500-user CERT subset, temporal features improve ROC-AUC from 0.776 to 0.844. On a leakage-controlled 4,000-user configuration, temporal modeling yields a substantial and consistent improvement over static trust features alone (ROC-AUC 0.627 to 0.715; PR-AUC 0.072 to 0.264).

Executive Summary

The article introduces a novel multi-axis trust modeling framework inspired by Hadith scholarship to detect account hijacking with interpretable, multidimensional criteria. By translating five trust axes into 26 behavioral features and incorporating temporal features, the framework achieves superior detection performance on CLUE-LDS and CERT datasets compared to conventional baselines. The approach balances interpretability with effectiveness, demonstrating robustness across varied conditions, including class imbalance and sparse malicious activity.

Key Points

  • Multi-axis trust framework inspired by Hadith scholarship
  • Translation of trust axes into 26 behavioral features
  • Lightweight temporal features enhance detection across datasets

Merits

Detection Performance

Achieves near-perfect detection on CLUE-LDS and significantly outperforms raw event count and anomaly detection models.

Demerits

Scalability Concern

Feature richness may introduce computational overhead in real-time deployment without optimization.

Expert Commentary

This work represents a significant step forward in the intersection of ethical AI and security analytics. The authors ingeniously leverage a historical epistemological framework—Hadith scholarship—to inform modern machine learning in cybersecurity. The translation of abstract theological criteria into structured behavioral features demonstrates a rare synthesis of interdisciplinary thinking and technical rigor. Moreover, the empirical validation across diverse datasets (CLUE-LDS and CERT) confirms the generalizability of the approach, particularly in adversarial settings. While the computational implications warrant further study, the paper’s contribution to the discourse on interpretable security is both timely and substantive. It sets a new benchmark for combining cultural epistemology with algorithmic efficacy in threat detection.

Recommendations

  • Integrate the trust feature set into existing UEBA platforms via API-based feature pipelines
  • Explore model compression techniques to mitigate computational overhead for real-time deployment

Sources

Related Articles