Detecting insider threats

Studies have found that the second biggest cyber security threat organisations currently face is their own employees.

When an insider has legitimate access, knowledge of the system and the ability to hide their actions, these threats are not only hard to defend against but difficult even to detect.

The goals for this project were to investigate different methods for insider threat detection and to identify an effective solution. We create comprehensive user models of employees to track their regular behaviour and characteristics. These models allow us to detect anomalous activities and potential insider threats. The detection tools produced can be effectively utilised by analysts. We also use previous research to theorise how the tools can be applied and extended for a complete defence solution.

Theme
Securing our future

Booth
SF23

School
Computer Science

Exhibitor
Roland Croft
