Beyond Firewall: Leveraging Machine Learning for Real-Time Insider Threats Identification and User Profiling

Insider threats pose a significant challenge to organizational cybersecurity, often leading to catastrophic financial and reputational damages. Traditional tools such as firewalls and antivirus systems lack the sophistication needed to detect and mitigate these threats in real time. This paper introduces a machine learning-based system that integrates real-time anomaly detection with dynamic user profiling, enabling the classification of employees into categories of low, medium, and high risk. The system was validated using a synthetic dataset, achieving exceptional accuracy across machine learning models, with XGBoost emerging as the most effective.