Scalable and Ethical Insider Threat Detection through Data Synthesis and Analysis by LLMs

TL;DR

This paper explores using large language models to analyze and detect insider threat sentiment in job reviews, employing synthetic data to address ethical concerns and demonstrating promising alignment with human evaluations.

Contribution

It introduces a scalable, ethical approach for insider threat detection using LLM-generated synthetic data and compares its effectiveness against human assessments.

Findings

LLMs align well with human evaluations in threat sentiment detection

Synthetic data improves detection performance over human-generated data

Lower text diversity observed in synthetic datasets

Abstract

Insider threats wield an outsized influence on organizations, disproportionate to their small numbers. This is due to the internal access insiders have to systems, information, and infrastructure. %One example of this influence is where anonymous respondents submit web-based job search site reviews, an insider threat risk to organizations. Signals for such risks may be found in anonymous submissions to public web-based job search site reviews. This research studies the potential for large language models (LLMs) to analyze and detect insider threat sentiment within job site reviews. Addressing ethical data collection concerns, this research utilizes synthetic data generation using LLMs alongside existing job review datasets. A comparative analysis of sentiment scores generated by LLMs is benchmarked against expert human scoring. Findings reveal that LLMs demonstrate alignment with human evaluations in most cases, thus effectively identifying nuanced indicators of threat sentiment. The performance is lower on human-generated data than synthetic data, suggesting areas for improvement in evaluating real-world data. Text diversity analysis found differences between human-generated and LLM-generated datasets, with synthetic data exhibiting somewhat lower diversity. Overall, the results demonstrate the applicability of LLMs to insider threat detection, and a scalable solution for insider sentiment testing by overcoming ethical and logistical barriers tied to data acquisition.