A Statistical Analysis Framework for Detecting Insider Threat Activities on Cyber Systems

2019 
The purpose of this research is to present BIFROST, a statistical analysis-based insider threat detection system deployable to resource-disadvantaged systems to provide organizations with a method for baselining the network profiles and host activities unique to their operational environments. Our design seeks to alert system operators to focus greater monitoring resources on hosts that exhibit potential characteristics of insider activities and to prevent such activities from inflicting harm on the system and causing information loss for the organization. This system provides a starting point for future work, implementing a proof-of-concept means of detecting insider threat activities; this implementation resulted in best- and worst-case detection rates of ~74% and ~68.2%, respectively, against our test data.