AI Summary
This work addresses the challenge of detecting rare anomalies in multi-channel, non-stationary user logs within enterprise insider threat detection. To this end, we propose a novel method that integrates bias-aware modulation, discrete wavelet transform (DWT), and a resolution-adaptive attention mechanism. The approach enhances anomalous signals by suppressing routine behaviors through bias modulation, extracts multi-resolution features via DWT, and dynamically focuses on critical frequency bands using a learnable attention mechanism. Notably, this is the first study to combine wavelet-based multi-resolution analysis with attention mechanisms for log-based anomaly detection. Evaluated on the CERT r4.2 benchmark, our method significantly outperforms existing approaches, achieving state-of-the-art performance in precision, recall, and F1-score, while demonstrating robustness across varying temporal granularities.
Abstract
Insider threat detection is a key challenge in enterprise security, relying on user activity logs that capture rich and complex behavioral patterns. These logs are often multi-channel and non-stationary, and anomalies are rare, making anomaly detection challenging. To address these issues, we propose a novel framework that integrates wavelet-aware modulation, multi-resolution wavelet decomposition, and resolution-adaptive attention for robust anomaly detection. Our approach first applies a deviation-aware modulation scheme to suppress routine behaviors while amplifying anomalous deviations. Next, discrete wavelet transform (DWT) decomposes the log signals into multi-resolution representations, capturing both long-term trends and short-term anomalies. Finally, a learnable attention mechanism dynamically reweights the most discriminative frequency bands for detection. On the CERT r4.2 benchmark, our approach consistently outperforms existing baselines in precision, recall, and F1 score across various time granularities and scenarios.
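The three stages described above (modulation, DWT, band reweighting), as an added example that is not the paper's code. Assumptions: a Haar wavelet, a signed squared z-score as the modulation, a softmax over log band energy standing in for the learned attention weights, and a constructed 16-hour count series with an assumed per-user baseline; all function names are hypothetical.

```python
import math

def modulate(counts, mu, sigma):
    """Assumed modulation: signed squared z-score, so |z| < 1 shrinks and |z| > 1 grows."""
    return [z * abs(z) for z in ((c - mu) / sigma for c in counts)]

def haar_dwt(signal, levels):
    """Orthonormal Haar DWT. Returns bands [cA_L, cD_L, ..., cD_1], coarse to fine."""
    if levels < 1 or len(signal) % (2 ** levels):
        raise ValueError("signal length must be a multiple of 2**levels")
    approx, details = list(signal), []
    for _ in range(levels):
        pairs = list(zip(approx[0::2], approx[1::2]))
        details.append([(a - b) / math.sqrt(2) for a, b in pairs])  # short-term change
        approx = [(a + b) / math.sqrt(2) for a, b in pairs]         # longer-term trend
    return [approx] + details[::-1]

def band_energy(bands):
    """Sum of squared coefficients per band."""
    return [sum(c * c for c in band) for band in bands]

def band_weights(bands, logits=None):
    """Softmax over per-band logits; log-energy is a stand-in for learned logits."""
    if logits is None:
        logits = [math.log1p(e) for e in band_energy(bands)]
    top = max(logits)  # subtract the max for numerical stability
    exps = [math.exp(l - top) for l in logits]
    total = sum(exps)
    return [e / total for e in exps]

# Constructed sample: 16 hourly event counts for one user, one burst at hour 9.
HOURLY = [5, 6, 4, 5, 5, 6, 4, 5, 5, 25, 5, 4, 6, 5, 5, 4]
MU, SIGMA = 5.0, 2.0  # assumed per-user baseline statistics

def analyze(counts=HOURLY, levels=3):
    """Run modulation, decomposition and band weighting on one series."""
    bands = haar_dwt(modulate(counts, MU, SIGMA), levels)
    return bands, band_weights(bands)

if __name__ == "__main__":
    bands, weights = analyze()
    for name, w, e in zip(["cA3", "cD3", "cD2", "cD1"], weights, band_energy(bands)):
        print(f"{name}: energy={e:9.2f} weight={w:.3f}")
```

The one-hour burst concentrates its energy in the finest detail band (cD1), while a sustained level shift lands in the coarsest approximation band, which is the separation the band reweighting is meant to exploit.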