Semester Award Granted

Summer 2025

Submission Date

August 2025

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Thesis/Dissertation Advisor [Chair]

Kwangsoo Yang

Abstract

Insider threats represent a critical challenge in cybersecurity due to their ability to disguise malicious activity within legitimate user behavior. This dissertation proposes novel approaches to enhance insider threat mitigation through user behavior anomaly detection. First, a systematic survey is conducted to evaluate existing countermeasures, categorizing technical and human-centric strategies while identifying their limitations. Building upon these findings, the dissertation introduces two complementary detection frameworks: the contiguous, contextual, and classifying pipeline (C3P), which uses symbolic pattern mining and contextual modeling to autonomously score and classify sequences, and the representation-reconstruction detection (R2D) framework, which leverages causal self-attention and variational autoencoding to identify anomalies in latent space. Together, these approaches address key challenges of scalability, limited contextual understanding, and data labeling dependency, providing a more adaptive, interpretable, and robust solution for detecting insider threats in complex user action sequences.
