SpiderScan: Practical Detection of Malicious NPM Packages Based on Graph-Based Behavior Modeling and Matching

Occupant behavior and space occupancy provide important information to controlling and optimizing energy use in buildings, especially when it comes to heating/cooling, where Heating, Ventilation, and Air Conditioning (HVAC) systems are in use. Besides, thermal comfort is mainly occupant behavior-dependent, based on his movements and space occupancy inside a building over the daytime. Traditional HVAC system functioning, based on turning OFF/ON of the system at the building level, without taking into account space occupancy, can lead to unnecessary heating/cooling of some rooms, which results in a waste of energy, or an under-heating/undercooling of the rooms leading to a lack of comfort. To optimize energy consumption and occupant comfort, we introduce in this paper a temporal graph-based approach for occupants’ behavior modeling for energy consumption optimization at room level. Our approach combines a graph learning algorithm, a hierarchical clustering to identify frequent occupants movements within the optimal time interval decomposition of days, and a multi-objective problem resolution. We experimented our approach on a 4-week dataset of 4 occupants movements among office rooms. The first results showed that our model helps minimize energy consumption by up to 62.21% compared to conventional functioning of HVAC systems, and fulfills up to 94.02% of occupants’ thermal comfort.

How do anomalies, fraud, and spam effect our models of normal user behavior? How can we modify our models to catch fraudsters? In this tutorial we will answer these questions - connecting graph analysis tools for user behavior modeling to anomaly and fraud detection. In particular, we will focus on three data mining techniques: subgraph analysis, label propagation and latent factor models; and their application to static graphs, e.g. social networks, evolving graphs, e.g. who-calls-whom networks, and attributed graphs, e.g. the who-reviews-what graphs of Amazon and Yelp. For each of these techniques we will give an explanation of the algorithms and the intuition behind them. We will then give brief examples of recent research using the techniques to model, understand and predict normal behavior. With this intuition for how these methods are applied to graphs and user behavior, we will focus on state-of-the-art research showing how the outcomes of these methods are effected by fraud, and how they have been used to catch fraudsters.

This study addresses the limitations of intelligent education systems in multimodal data fusion, scalability, and robustness by proposing a graph-based cognitive modeling framework enhanced with contrastive representation learning. Using interaction data from 186 students and 874,520 records over a semester, heterogeneous behavior graphs are constructed and encoded with a Multi-Head Graph Attention Network (GAT) to capture semantic and temporal dependencies. A contrastive learning module further strengthens embedding robustness, and the optimized representations drive a dynamic strategy engine for adaptive instructional resource allocation. Experimental results demonstrate 93.2% accuracy in learner behavior classification and 90.1% accuracy in clickstream prediction, with a 15.4% improvement in disengagement-signal retention compared to GCN, LSTM, Transformer, and GraphCL baselines. These findings validate the effectiveness and transferability of combining cognitive graph modeling with contrastive learning, advancing both theoretical foundations and practical capabilities of intelligent education systems to reduce dropout risk and enhance engagement.

How can we model users' preferences? How do anomalies, fraud, and spam effect our models of normal users? How can we modify our models to catch fraudsters? In this tutorial we will answer these questions - connecting graph analysis tools for user behavior modeling to anomaly and fraud detection. In particular, we will focus on the application of subgraph analysis, label propagation, and latent factor models to static, evolving, and attributed graphs. For each of these techniques we will give a brief explanation of the algorithms and the intuition behind them. We will then give examples of recent research using the techniques to model, understand and predict normal behavior. With this intuition for how these methods are applied to graphs and user behavior, we will focus on state-of-the-art research showing how the outcomes of these methods are effected by fraud, and how they have been used to catch fraudsters.

Early detection of influenza-like symptoms can prevent widespread flu viruses and enable timely treatments, particularly in the post-pandemic era. Mobile sensing leverages an increasingly diverse set of embedded sensors to capture fine-grained information of human behaviors and ambient contexts, and can serve as a promising solution for influenza-like symptom recognition. Traditionally, handcrafted and high level features of mobile sensing data are extracted by manual feature engineering and convolutional/recurrent neural network respectively. In this work, we apply graph representation to encode the dynamics of state transitions and internal dependencies in human behaviors, leverage graph embeddings to automatically extract the topological and spatial features from graph inputs, and propose an end-to-end graph neural network (GNN) model with multi-channel mobile sensing input for influenzalike symptom recognition based on people's daily mobility, social interactions, and physical activities. Using data generated from 448 participants, we show that GNN with GraphSAGE convolutional layers significantly outperforms baseline models with handcrafted features. Furthermore, we use GNN interpretability method to generate insights (e.g., important nodes and graph structures) about the importance of mobile sensing for recognizing Influenza-like symptoms. To the best of our knowledge, this is the first work that applies graph representation and graph neural network on mobile sensing data for graph-based human behavior modeling and health symptoms prediction.

Personalized recommendation remains a central challenge in modern marketing systems due to the complexity of user-product-query interactions. In this study, we propose a novel framework called DP-GCN (Deterministic Policy Graph Convolutional Network), which integrates multi-level Graph Convolutional Networks (GCNs) with Deep Deterministic Policy Gradient (DDPG) reinforcement learning to model heterogeneous information networks composed of users, products, and search queries. The proposed framework consists of three key components: (1) a graph-based embedding module to capture multi-relational structures; (2) a fusion layer that integrates dynamic and static features from users and items; and (3) a reinforcement learning layer that adaptively updates recommendation policies based on user feedback. We evaluate our model on several public benchmark datasets and a real-world dataset collected from a local e-commerce platform. Results demonstrate that DP-GCN consistently outperforms state-of-the-art baselines in AUC, Precision@K, and NDCG@K. The findings highlight the effectiveness of combining graph-based relational modeling with reinforcement learning for improving both the accuracy and adaptability of personalized recommendation systems.

In this paper, a method for identifying malicious requests is presented, based on an automatically constructed graph, representing users' transitions between the pages. Such a graph is built in real time, utilizing incoming requests, and - assuming that most of the users do not try to exploit the application - represents typical users' behaviors. The method was tested against six sets of log files collected from different servers, totaling over 4.5 million log entries and proved to identify a large number of vulnerability scans against the web sites. The results were compared against LORG.