Caught in the act of an insider attack: detection and assessment of insider threat

The paper addresses the critical issue of insider threats within organizations, highlighting the dual role of employees and contractors as both valuable assets and potential risks. It introduces a novel anomaly detection system known as Corporate Insider Threat Detection (CITD), which leverages behavioral profiling to identify deviations in user activity that may indicate malicious intent. The proposed system also emphasizes the importance of human analyst involvement for refining detection capabilities and reducing false positives.