Behavioral based threat detection

Insider threats pose a significant risk to organizations as they exploit legitimate access to bypass traditional security measures, making them harder to detect than external attacks. This study addresses the challenge by utilizing deep learning to analyze user behavior and identify malicious activities through a carefully selected set of event- based features. By training on the CMU CERT r4.2 dataset, the proposed model effectively learns patterns of adversarial behavior, reducing false positives while maintaining high detection accuracy. The paper presents a deep learning-based approach for insider threat detection, emphasizing behavioral analysis to distinguish between normal and malicious user activities. By leveraging a rich event-based feature set, including logon/logoff events, user roles, and functional units, the model is trained on the CMU CERT r4.2 dataset to identify adversarial behavior with high accuracy and a low false positive rate. The proposed method outperforms several established techniques, including LSTM-CNN, random forest, LSTMRNN, one-class SVM, Markov chain models, multi-state LSTM-CNN, and GRU-Skipgram. Experimental results demonstrate the effectiveness of this approach, achieving 90.60% accuracy, 97% precision, and a 94% F1- score, making it a promising solution for mitigating insider threats in organizations. Key Words:Insider threats, Legitimate access, Bypass security measures, Detection, Deep learning-based approach, User behavior analysis, Event-based features, Logon/logoff events, User roles, Functional units, CMU CERT r4.2 dataset, Adversarial behavior, False positives, LSTM-CNN, Random forest, LSTM-RNN, One-class SVM, Markov chain models, Multi-state LSTM-CNN, GRU-skipgram, Accuracy(90.60%), Precision(97%), F1score(94%), Cybersecurity defenses.