In network security the organizations are ever growing to identify insider threats. Those who have authorized access to sensitive organizational placed in a position of power that could well be abused and could cause significant damage to an organization. Traditional intrusion detection systems are neither designed nor capable of identifying those who act maliciously within an organization describe an automated system that is capable of detecting insider threats within an organization. We

more »

... a tree-structure profiling approach that incorporates the details of activities conducted by each user and each job role and then use this to o a consistent representation of features that provide a rich description of the user's behavior. Deviation can be assessed based on the amount of variance that each user exhibits across multiple attributes, compared against their peers. We have perfor experimentation using that the system can identify anomalous behavior that may be indicative of a potential threat. We also show how our detection system can be combined with visual analytics tools to support further investigation by an analyst.