Attention-Enhanced Bidirectional LSTM for Intelligent Insider Threat Detection in Enterprise Networks

Authors

  • Ola Joanna Wrona, Faculty of Computer Science and Information Technology, Wroclaw University of Science and Technology, 50-370 Wroclaw, Poland
  • Zosia Malinowska, Faculty of Computer Science and Information Technology, Wroclaw University of Science and Technology, 50-370 Wroclaw, Poland

DOI:

https://doi.org/10.64972/dea.2026.v5i1.1602d:15-29

Keywords:

Insider Threat, Deep Learning, Anomaly Detection, Enterprise Network

Abstract

Insider threats have grown more diverse and sophisticated as internal business networks have expanded; these hostile actions now frequently resemble the activity of ordinary employees and are extremely difficult to identify. This study proposes a high-performance, large-scale framework for insider threat identification, together with an effective analysis model that can handle the high dimensionality and sequential nature of company activity data. A novel model is put forward that combines bidirectional long short-term memory networks with attention mechanisms to dynamically detect important patterns and contextual anomalies in user behavior sequences. The large-scale experiments use simulated corporate logs and public benchmark datasets so that the data are representative and diverse. Model performance is assessed through systematic feature engineering, balanced data splitting, and robust cross-validation. According to the findings, the proposed Attention-BiLSTM model outperforms conventional machine learning and deep neural network baselines in recognizing proven insider threats, achieving a test accuracy of 97.1% and a recall rate of almost 90%. Notably, when skewed data and novel attack types are present, the model exhibits a high detection rate and a low false alarm rate. This work provides a workable path for real-time implementation in organizational security systems, encouraging proactive risk control and fast-reaction mechanisms for shifting operating conditions.

Published

2026-01-04

How to Cite

Wrona, O. J., & Malinowska, Z. (2026). Attention-Enhanced Bidirectional LSTM for Intelligent Insider Threat Detection in Enterprise Networks. Data Engineering and Applications, 5(1), 2d:15–29. https://doi.org/10.64972/dea.2026.v5i1.1602d:15-29

Section

Articles