Insider threats, such as industrial espionage and theft by an insider (e.g., an employee or other authorized network entity including both users and/or devices) are a growing and significant issue for public and private industries. In many instances, insiders have admitted to taking intellectual property with them to new companies for use in their new positions. As such, many end-users (e.g., businesses, government entities, universities, etc.) attempt to preserve sensitive information (e.g., classified, confidential, etc.) from insider threats using predetermined rules, such as whether an unauthorized insider or network entity has attempted to access such information. However, such rules frequently detect only known methods of misuse with detectable signatures and are thus inadequate to alert users of a potential threat of intent to misuse sensitive information.
Therefore, there is a need for approaches to detect an insider threat, particularly behavior indicating intent to access sensitive information for an unlawful or improper purpose.