Shannon C. Roberts, J. Holodnak, Trang Nguyen, Sophia Yuditskaya, Maja Milosavljevic, W. Streilein
Title: A Model-Based Approach to Predicting the Performance of Insider Threat Detection Systems
Venue: 2016 IEEE Security and Privacy Workshops (SPW)
Publication date: 2016-05-22
DOI: 10.1109/SPW.2016.14 (https://doi.org/10.1109/SPW.2016.14)
Citation count: 11
Abstract
Recent high profile security breaches have highlighted the importance of insider threat detection systems for cybersecurity. However, issues such as high false positive rates and concerns over data privacy make it difficult to predict performance within an enterprise environment. These and other issues limit an organization's ability to effectively apply these tools. In this paper, we present an approach to predicting the performance of insider threat detection systems that leverages enterprise-level modeling. We provide a proof of concept of our modeling approach by applying it to a synthetic dataset and comparing its predictions to the ground truth. The results shown here to predict performance can enable enterprises to compare tools and ultimately allow them to make better informed decisions about which insider threat detection systems to deploy.