| Insider threats are one of the most damaging threats to modern systems. The ubiquity of cybersecurity problems related to insider threats promoted various solutions over the years. However, effective solutions are undermined by mathematical algorithms and host-based event driven techniques that take longer to identify threats while not always delivering better levels of accuracy. In this research, the study argues that a simple regression based model can be as effective as or better than existing detection models. First, the study reviews and analyzes existing detection techniques, methods, and models. Second, it proposes a statistical model called Logistic Regression Model (LRM) that is activity based and analyzes system log files to identify anomalies. The LRM implements a simpler way to analyze activity based data than algorithm driven host based models, while eliminating workflow and profiling processes that are time consuming. Lastly, the study compares the speed and accuracy of identifying insider threats between the LRM and various existing models reviewed. The study concludes that the LRM is faster and delivers the same or better accuracy than other existing models while reducing data compilation and other time consuming processes that demand unnecessary resources. |
