Insider Threat Detection Based on Users’ Mouse Movements and Keystrokes Behavior

Insider threat is considered as one of the most  serious threats in cybersecurity and has been a prime security  concern for government and industry. Traditional approaches  can’t provide efficient solutions, and the threat keeps raising.  In this paper, we propose a new approach to insider threat  detection and prediction based on the user’s mouse movements  and keystrokes behavior. We conduct human subject experiments  with 30 participants and capture their mouse movements and  keystroke dynamics as they perform several computer-based  activities in both benign and malicious scenarios. We extract  features and evaluate our approach using several classifiers and  statistical analysis measures. The results show that participants  performing malicious tasks showed faster speed and longer mouse  movements, and long left click and keystroke duration than the  benign tasks. Our results suggest that users’ mouse movements  and keystrokes behavior can reveal valuable knowledge about  their malicious behavior and can be used as indicators in the  insider threat monitoring and detection frameworks.