Multi-Axis Trust Modeling for Interpretable Account Hijacking Detection
A novel framework inspired by 8th-century Islamic scholarship achieves near-perfect detection of account hijacking.
A novel AI framework for cybersecurity, detailed in a new arXiv paper, takes an unexpected source of inspiration: 8th-century Islamic scholarship. Researcher Mohammad AL-Smadi's "Multi-Axis Trust Modeling for Interpretable Account Hijacking Detection" translates the methods Hadith scholars use to verify the chain of transmission and the integrity of narrators into a modern system for detecting compromised user accounts. The model assesses accounts across five interpretable trust axes—long-term integrity, behavioral precision, contextual continuity, cumulative reputation, and anomaly evidence—which are converted into 26 specific behavioral features. This approach moves beyond a single anomaly score to provide a semantically meaningful profile of user trustworthiness.
Evaluated on real-world cloud activity data, the model demonstrated exceptional performance. On the CLUE-LDS dataset with 23,094 activity windows, a Random Forest classifier trained on these trust features achieved near-perfect detection of injected hijacking scenarios, significantly outperforming models based on raw event counts and standard unsupervised anomaly detection. The framework's robustness was further tested on the challenging CERT Insider Threat dataset, known for extreme class imbalance. Here, the addition of lightweight temporal features to track short-term changes in trust signals provided a substantial boost, improving ROC-AUC from 0.776 to 0.844 on a 500-user subset and from 0.627 to 0.715 on a larger 4,000-user configuration. This demonstrates the system's practical effectiveness in complex, real-world environments where malicious behavior is sparse and subtle.
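As an added illustration (not code from the paper), the sketch below scores constructed activity windows on stand-ins for the five trust axes and then derives the kind of lightweight temporal features the summary credits for the AUC gain: change since the previous window and deviation from a short rolling history. The window fields, axis formulas and the threshold rule that stands in for the Random Forest are all assumptions, not the paper's 26 features.

```python
from statistics import mean

AXES = ("integrity", "precision", "continuity", "reputation", "anomaly")

# Constructed per-window summaries for one account (hypothetical fields, not
# CLUE-LDS data): total events, failed logins, events from previously seen
# source IPs/devices, events outside working hours. Window 4 is the injected hijack.
WINDOWS = [
    {"events": 40, "failed": 1, "known_src": 40, "off_hours": 2},
    {"events": 38, "failed": 0, "known_src": 38, "off_hours": 1},
    {"events": 45, "failed": 2, "known_src": 44, "off_hours": 3},
    {"events": 42, "failed": 1, "known_src": 42, "off_hours": 2},
    {"events": 60, "failed": 9, "known_src": 20, "off_hours": 41},
]

def axis_scores(windows, anomaly_cap=0.25):
    """Per-window stand-ins for the five trust axes (assumed definitions)."""
    out, precisions, calm = [], [], 0
    for w in windows:
        n = w["events"]
        precision = 1 - w["failed"] / n      # behavioural precision: clean auths
        continuity = w["known_src"] / n      # contextual continuity: familiar sources
        anomaly = w["off_hours"] / n         # anomaly evidence: off-hours share
        precisions.append(precision)
        calm += int(anomaly < anomaly_cap)
        out.append({
            "integrity": calm / len(precisions),  # long-term: share of calm windows
            "precision": precision,
            "continuity": continuity,
            "reputation": mean(precisions),       # cumulative: running mean precision
            "anomaly": anomaly,
        })
    return out

def temporal_features(scores, k=3):
    """Add per-axis delta vs. previous window and deviation from last k windows."""
    feats = []
    for i, s in enumerate(scores):
        f = dict(s)
        for ax in AXES:
            prev = scores[i - 1][ax] if i else s[ax]
            hist = [x[ax] for x in scores[max(0, i - k):i]] or [s[ax]]
            f[ax + "_delta"] = s[ax] - prev
            f[ax + "_dev"] = s[ax] - mean(hist)
        feats.append(f)
    return feats

def flag_windows(feats, shift=0.3):
    """Threshold rule standing in for the classifier: flag sudden trust shifts."""
    return [i for i, f in enumerate(feats)
            if f["anomaly_delta"] > shift or f["precision_delta"] < -shift
            or f["continuity_delta"] < -shift]
```

On the constructed windows only the hijack window is flagged, and it is the delta features, not the static scores alone, that separate it from an ordinarily busy window.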
- Framework inspired by Hadith scholarship translates five trust axes (e.g., integrity, precision) into 26 interpretable behavioral features for user accounts.
- Achieved near-perfect detection performance on the CLUE-LDS dataset and boosted ROC-AUC to 0.844 on the imbalanced CERT Insider Threat dataset.
- Lightweight temporal features tracking changes in trust signals provided consistent, substantial performance gains over using static features alone.
Why It Matters
Offers a highly interpretable and robust new method for detecting account takeovers, a critical and costly threat for enterprise security teams.