Salvato in:
Dettagli Bibliografici
Autori principali: Gelman, Haywood, Hastings, John D., Kenley, David
Natura: Preprint
Pubblicazione: 2025
Soggetti:
Accesso online:https://arxiv.org/abs/2509.06920
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
_version_ 1866915751700463616
author Gelman, Haywood
Hastings, John D.
Kenley, David
author_facet Gelman, Haywood
Hastings, John D.
Kenley, David
contents Insider threats are a growing organizational problem due to the complexity of identifying their technical and behavioral elements. A large research body is dedicated to the study of insider threats from technological, psychological, and educational perspectives. However, research in this domain has been generally dependent on datasets that are static and limited access which restricts the development of adaptive detection models. This study introduces a novel, ethically grounded approach that uses the large language model (LLM) Claude Sonnet 3.7 to dynamically synthesize syslog messages, some of which contain indicators of insider threat scenarios. The messages reflect real-world data distributions by being highly imbalanced (1% insider threats). The syslogs were analyzed for insider threats by both Sonnet 3.7 and GPT-4o, with their performance evaluated through statistical metrics including accuracy, precision, recall, F1, specificity, FAR, MCC, and ROC AUC. Sonnet 3.7 consistently outperformed GPT-4o across nearly all metrics, particularly in reducing false alarms and improving detection accuracy. The results show strong promise for the use of LLMs in synthetic dataset generation and insider threat detection.
format Preprint
id arxiv_https___arxiv_org_abs_2509_06920
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle An Ethically Grounded LLM-Based Approach to Insider Threat Synthesis and Detection
Gelman, Haywood
Hastings, John D.
Kenley, David
Cryptography and Security
Artificial Intelligence
Computation and Language
Computers and Society
C.2.0; I.2.7; K.4.1; H.3.3
Insider threats are a growing organizational problem due to the complexity of identifying their technical and behavioral elements. A large research body is dedicated to the study of insider threats from technological, psychological, and educational perspectives. However, research in this domain has been generally dependent on datasets that are static and limited access which restricts the development of adaptive detection models. This study introduces a novel, ethically grounded approach that uses the large language model (LLM) Claude Sonnet 3.7 to dynamically synthesize syslog messages, some of which contain indicators of insider threat scenarios. The messages reflect real-world data distributions by being highly imbalanced (1% insider threats). The syslogs were analyzed for insider threats by both Sonnet 3.7 and GPT-4o, with their performance evaluated through statistical metrics including accuracy, precision, recall, F1, specificity, FAR, MCC, and ROC AUC. Sonnet 3.7 consistently outperformed GPT-4o across nearly all metrics, particularly in reducing false alarms and improving detection accuracy. The results show strong promise for the use of LLMs in synthetic dataset generation and insider threat detection.
title An Ethically Grounded LLM-Based Approach to Insider Threat Synthesis and Detection
topic Cryptography and Security
Artificial Intelligence
Computation and Language
Computers and Society
C.2.0; I.2.7; K.4.1; H.3.3
url https://arxiv.org/abs/2509.06920